CVE-2012-0876
published 2012-07-03CVE-2012-0876: The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows…
medium4.3CVSS 3.0
AVNACMAuNCNINAP
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
Affected
40 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_el_capitan_10.11.2_security_update_2015-005_yosemite_and_security_update_20 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.1.1-3 (bookworm) | expat 2.1.1-3 (bookworm) |
| debian | expat | < expat 2.1.0~beta3-1 (bookworm) | expat 2.1.0~beta3-1 (bookworm) |
| debian | libxmltok | < expat 2.1.1-3 (bookworm) | expat 2.1.1-3 (bookworm) |
| debian | libxmltok | < expat 2.1.0~beta3-1 (bookworm) | expat 2.1.0~beta3-1 (bookworm) |
| debian | xmlrpc-c | < expat 2.1.0~beta3-1 (bookworm) | expat 2.1.0~beta3-1 (bookworm) |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| libexpat_project | libexpat | < 2.2.0 | 2.2.0 |
| libexpat_project | libexpat | < 2.1.0 | 2.1.0 |
| oracle | solaris | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM