CVE-2012-0841

CWE-399 CWE-40711 documents8 sources

Severity

5.0MEDIUM

EPSS

1.0%

top 22.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Xmlsoft Libxml2

Timeline

PublishedDec 21

Latest updateMay 17

Description

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianlibxml2< 2.7.8.dfsg-8+3

▶NVDxmlsoft/libxml22.7.8+122

▶NVDapple/iphone_os6.1.4+47

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-339p-rqfr-wg3j: libxml2 before 2↗2022-05-17

▶

OSV

CVE-2012-0841: libxml2 before 2↗2012-12-21

▶

CVEList

CVE-2012-0841: libxml2 before 2↗2012-12-21

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerability↗2012-02-27

▶

Red Hat

libxml2: hash table collisions CPU usage DoS↗2012-02-21

▶

Debian

CVE-2012-0841: libxml2 - libxml2 before 2.8.0 computes hash values without restricting the ability to tri...↗2012

▶

💬Community

Bugzilla

CVE-2012-0841 libxml2: hash table collisions CPU usage DoS [fedora-all]↗2012-02-21

▶

Bugzilla

CVE-2012-0841 libxml2: hash table collisions CPU usage DoS [epel-5]↗2012-02-21

▶

Bugzilla

CVE-2012-0841 libxml2: hash table collisions CPU usage DoS [fedora-all]↗2012-02-21

▶

Bugzilla

CVE-2012-0841 libxml2: hash table collisions CPU usage DoS↗2012-02-03

▶