CVE-2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

Published date
2012-12-21T05:46Z
Last modification date
2023-02-13T00:23Z
Assigner
secalert@redhat.com
Problem type
CWE-399
NameURLSourceTags
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_ofhttps://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_ofCONFIRM
http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412ahttp://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412aCONFIRM
[oss-security] 20120222 libxml2: hash table collisions CPU usage DoShttp://www.openwall.com/lists/oss-security/2012/02/22/1MLIST
1026723http://securitytracker.com/id?1026723SECTRACK
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846MISC
DSA-2417http://www.debian.org/security/2012/dsa-2417DEBIAN
RHSA-2012:0324http://rhn.redhat.com/errata/RHSA-2012-0324.htmlREDHAT
http://xmlsoft.org/news.htmlhttp://xmlsoft.org/news.htmlCONFIRM
52107http://www.securityfocus.com/bid/52107BIDPatch
RHSA-2013:0217http://rhn.redhat.com/errata/RHSA-2013-0217.htmlREDHAT
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.htmlCONFIRM
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdfhttp://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdfCONFIRM
http://support.apple.com/kb/HT5934http://support.apple.com/kb/HT5934CONFIRM
APPLE-SA-2013-09-18-2http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.htmlAPPLE
54886http://secunia.com/advisories/54886SECUNIA
MDVSA-2013:150http://www.mandriva.com/security/advisories?name=MDVSA-2013:150MANDRIVA
APPLE-SA-2013-10-22-8http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.htmlAPPLE
SUSE-SU-2013:1627http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.htmlSUSE
55568http://secunia.com/advisories/55568SECUNIA
http://support.apple.com/kb/HT6001http://support.apple.com/kb/HT6001CONFIRM