{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-06T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "55114", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55114"}, {"name": "[oss-security] 20120820 ocaml-xml-light: hash table collisions CPU usage DoS CVE-2012-3514", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/08/21/2"}, {"name": "MDVSA-2013:107", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:107"}, {"name": "50311", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50311"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0266"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.853Z"}, "title": "CVE Program Container", "references": [{"name": "55114", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55114"}, {"name": "[oss-security] 20120820 ocaml-xml-light: hash table collisions CPU usage DoS CVE-2012-3514", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/08/21/2"}, {"name": "MDVSA-2013:107", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:107"}, {"name": "50311", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50311"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0266"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3514", "datePublished": "2012-08-25T10:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.853Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nicolas_cannasse:ocaml_xml-light_library:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC6DDF9D-684B-4EBD-AFD4-BE45867F6372", "versionEndIncluding": "r233", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors."}, {"lang": "es", "value": "OCaml Xml-Light Library antes R234 calcula los valores de hash sin restringir la capacidad de provocar colisiones hash predecibles, lo que permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de vectores no especificados."}], "id": "CVE-2012-3514", "lastModified": "2014-02-12T04:38:04.580", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-25T10:29:52.897", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50311"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:107"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/21/2"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55114"}, {"source": "secalert@redhat.com", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0266"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ocaml-xml-light: hash table collisions CPU usage DoS", "id": "787890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=787890"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors."], "name": "CVE-2012-3514", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ocaml-xml-light", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-02-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-3514\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-3514"], "statement": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}