The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-508-1 expat security update
Debian DSA Debian DSA DSA-2525-1 expat security update
Debian DSA Debian DSA DSA-3597-1 expat security update
EUVD EUVD EUVD-2012-0901 The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
Ubuntu USN Ubuntu USN USN-1527-1 Expat vulnerabilities
Ubuntu USN Ubuntu USN USN-1527-2 XML-RPC for C and C++ vulnerabilities
Ubuntu USN Ubuntu USN USN-1613-1 Python 2.5 vulnerabilities
Ubuntu USN Ubuntu USN USN-1613-2 Python 2.4 vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T18:38:15.063Z

Reserved: 2012-01-19T00:00:00

Link: CVE-2012-0876

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2012-07-03T19:55:02.210

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-0876

cve-icon Redhat

Severity : Moderate

Publid Date: 2012-03-03T00:00:00Z

Links: CVE-2012-0876 - Bugzilla

cve-icon OpenCVE Enrichment

No data.