CVE-2012-6702 — Use of Insufficiently Random Values in Project Libexpat
Severity
5.9 MEDIUM (NVD)
EPSS
0.6%
top 29.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 16
Latest update: May 13
Description
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 2 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04
Vulnerability Details (4)
GHSA
GHSA-qfwq-qvmm-7j3x: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat c (2022-05-13)
OSV
CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat c (2016-06-16)
CVEList
CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat c (2016-06-16)
Vendor Advisories (7)
Android
CVE-2012-6702: Android Security Bulletin 2016-11-01
CVE: CVE-2012-6702
Severity: MEDIUM
Affected AOSP versions: 4 (2016-11-01)
Community (6)
Bugzilla
CVE-2012-6702 mingw-expat: expat: Using XML_Parse before rand() results into non-random output [fedora-all] (2016-03-21)
Bugzilla
CVE-2012-6702 expat21: expat: Using XML_Parse before rand() results into non-random output [epel-all] (2016-03-21)
Bugzilla
CVE-2012-6702 mingw-expat: expat: Using XML_Parse before rand() results into non-random output [epel-7] (2016-03-21)
Bugzilla
CVE-2012-6702 expat: Using XML_Parse before rand() results into non-random output [fedora-all] (2016-03-21)