{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-12-30T00:00:00", "descriptions": [{"lang": "en", "value": "OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-02-22T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"}, {"name": "[caml-list] 20111230 Hashtbl and security", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html"}, {"name": "47853", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47853"}, {"name": "[caml-list] 20111230 Re: Hashtbl and security", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html"}, {"name": "[oss-security] 20120206 Re: CVE request: Hash DoS vulnerability (ocert-2011-003)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2012/02/07/2"}, {"name": "[oss-security] 20120206 CVE request: Hash DoS vulnerability (ocert-2011-003)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2012/02/07/1"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ocert.org/advisories/ocert-2011-003.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:38:14.933Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"}, {"name": "[caml-list] 20111230 Hashtbl and security", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html"}, {"name": "47853", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47853"}, {"name": "[caml-list] 20111230 Re: Hashtbl and security", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html"}, {"name": "[oss-security] 20120206 Re: CVE request: Hash DoS vulnerability (ocert-2011-003)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2012/02/07/2"}, {"name": "[oss-security] 20120206 CVE request: Hash DoS vulnerability (ocert-2011-003)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2012/02/07/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ocert.org/advisories/ocert-2011-003.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0839", "datePublished": "2012-02-08T20:00:00", "dateReserved": "2012-01-19T00:00:00", "dateUpdated": "2024-08-06T18:38:14.933Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:inria:ocaml:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7FCCC63-2144-41C8-A384-B6AB6EAA4929", "versionEndIncluding": "3.12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:1.07:*:*:*:*:*:*:*", "matchCriteriaId": "8160D4BF-3382-4E3D-97E6-11C6B0C3621B", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:2.02:*:*:*:*:*:*:*", "matchCriteriaId": "C5EE9202-74C8-471E-9971-F61133468A11", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:2.04:*:*:*:*:*:*:*", "matchCriteriaId": "450149B1-9AD3-4805-A1F1-30DF8F689E3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:2.99:alpha:*:*:*:*:*:*", "matchCriteriaId": "A28707EA-0DB5-4205-B725-3AA21EEF8F19", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.00:*:*:*:*:*:*:*", "matchCriteriaId": "E7629BE3-2FEF-456F-B8FD-6F984204E007", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.01:*:*:*:*:*:*:*", "matchCriteriaId": "9D3BDB5A-F5B5-44E3-8BE5-42BDECFEBEF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.02:*:*:*:*:*:*:*", "matchCriteriaId": "BB498E45-8F15-463C-BDEA-E3C60F8FC9F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.03:alpha:*:*:*:*:*:*", "matchCriteriaId": "5CB7041D-F3FB-4E66-A5AC-DA04ED4687F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.04:*:*:*:*:*:*:*", "matchCriteriaId": "D8708B04-4E69-45A8-88A2-34F31DFC3D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.05:beta:*:*:*:*:*:*", "matchCriteriaId": "2FC1A656-4F08-4630-A580-5BEAEF6987D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.06:*:*:*:*:*:*:*", "matchCriteriaId": "6284D4FB-9339-4034-8110-A014C5778534", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.07:*:*:*:*:*:*:*", "matchCriteriaId": "D6D71DF2-7C71-4B84-8F0A-DA9C021B700A", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.07:beta1:*:*:*:*:*:*", "matchCriteriaId": "A6526238-EF6B-485F-88E4-5FB9B37F917F", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.07:beta2:*:*:*:*:*:*", "matchCriteriaId": "C091ABFB-F333-4098-B47B-675BC8387B79", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.07:pl2:*:*:*:*:*:*", "matchCriteriaId": "580DB00F-0D6D-4105-BA4D-63738588F8E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.08:*:*:*:*:*:*:*", "matchCriteriaId": "74BFD663-606E-4738-8D69-F3FD5A6EE458", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.09:*:*:*:*:*:*:*", "matchCriteriaId": "EE0FBBB4-4226-49BA-884B-06314F7340F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.10:*:*:*:*:*:*:*", "matchCriteriaId": "52CB95FB-BEEB-4939-8DD4-433BEE5B2E52", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "5E70C216-47F6-4D62-A1D1-EE81C6A64B18", "vulnerable": true}, {"criteria": "cpe:2.3:a:inria:ocaml:3.12:*:*:*:*:*:*:*", "matchCriteriaId": "2CF51308-F5C5-4FBA-A6C3-2A7F975BA7E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table."}, {"lang": "es", "value": "oCaml v3.12.1 y anteriores calcula los valores de hash sin restringir la capacidad para activar las colisiones hash predecibles, lo que permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de entrada modificada a una aplicaci\u00f3n que mantiene una tabla hash."}], "id": "CVE-2012-0839", "lastModified": "2024-11-21T01:35:49.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-02-08T20:55:00.797", "references": [{"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2012/02/07/1"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2012/02/07/2"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/47853"}, {"source": "secalert@redhat.com", "url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html"}, {"source": "secalert@redhat.com", "url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html"}, {"source": "secalert@redhat.com", "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"}, {"source": "secalert@redhat.com", "url": "http://www.ocert.org/advisories/ocert-2011-003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/02/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/02/07/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47853"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/advisories/ocert-2011-003.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ocaml: hash table collisions CPU usage DoS (oCERT-2011-003)", "id": "787888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=787888"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table."], "name": "CVE-2012-0839", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ocaml", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2011-12-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-0839\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-0839"], "statement": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}