The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-508-1 | expat security update |
![]() |
DSA-3597-1 | expat security update |
![]() |
EUVD-2016-6251 | The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. |
![]() |
USN-3010-1 | Expat vulnerabilities |
![]() |
USN-3013-1 | XML-RPC for C and C++ vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T01:00:57.567Z
Reserved: 2016-06-04T00:00:00
Link: CVE-2016-5300

No data.

Status : Deferred
Published: 2016-06-16T18:59:10.547
Modified: 2025-04-12T10:46:40.837
Link: CVE-2016-5300


No data.