Vulnerability Data

by Reconmap

CVE-2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

Published at
2012-12-21T05:46Z
4006 days ago
Modified
2023-02-13T00:23Z
300 days ago
CWE-399
Problem type

References


URLType
blogs.oracle.com
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of		CONFIRM
git.gnome.org
http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a		CONFIRM
[oss-security] 20120222 libxml2: hash table collisions CPU usage DoS
http://www.openwall.com/lists/oss-security/2012/02/22/1		MLIST
1026723
http://securitytracker.com/id?1026723		SECTRACK
bugs.debian.org
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846		MISC
DSA-2417
http://www.debian.org/security/2012/dsa-2417		DEBIAN
RHSA-2012:0324
http://rhn.redhat.com/errata/RHSA-2012-0324.html		REDHAT
xmlsoft.org
http://xmlsoft.org/news.html		CONFIRM
52107
http://www.securityfocus.com/bid/52107		BID
RHSA-2013:0217
http://rhn.redhat.com/errata/RHSA-2013-0217.html		REDHAT
www.oracle.com
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html		CONFIRM
www.xerox.com
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf		CONFIRM
support.apple.com
http://support.apple.com/kb/HT5934		CONFIRM
APPLE-SA-2013-09-18-2
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html		APPLE
54886
http://secunia.com/advisories/54886		SECUNIA
MDVSA-2013:150
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150		MANDRIVA
APPLE-SA-2013-10-22-8
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html		APPLE
SUSE-SU-2013:1627
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html		SUSE
55568
http://secunia.com/advisories/55568		SECUNIA
support.apple.com
http://support.apple.com/kb/HT6001		CONFIRM

GET https://vulnerabilitydata.com/api/details/CVE-2012-0841

{
	"id": "CVE-2012-0841",
	"published_date": "2012-12-21T05:46Z",
	"last_modified_date": "2023-02-13T00:23Z",
	"assigner": "secalert@redhat.com",
	"description": "libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.",
	"references": [
		{
			"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of",
			"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a",
			"name": "http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://www.openwall.com/lists/oss-security/2012/02/22/1",
			"name": "[oss-security] 20120222 libxml2: hash table collisions CPU usage DoS",
			"refsource": "MLIST",
			"tags": []
		},
		{
			"url": "http://securitytracker.com/id?1026723",
			"name": "1026723",
			"refsource": "SECTRACK",
			"tags": []
		},
		{
			"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846",
			"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846",
			"refsource": "MISC",
			"tags": []
		},
		{
			"url": "http://www.debian.org/security/2012/dsa-2417",
			"name": "DSA-2417",
			"refsource": "DEBIAN",
			"tags": []
		},
		{
			"url": "http://rhn.redhat.com/errata/RHSA-2012-0324.html",
			"name": "RHSA-2012:0324",
			"refsource": "REDHAT",
			"tags": []
		},
		{
			"url": "http://xmlsoft.org/news.html",
			"name": "http://xmlsoft.org/news.html",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://www.securityfocus.com/bid/52107",
			"name": "52107",
			"refsource": "BID",
			"tags": [
				"Patch"
			]
		},
		{
			"url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html",
			"name": "RHSA-2013:0217",
			"refsource": "REDHAT",
			"tags": []
		},
		{
			"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
			"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
			"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://support.apple.com/kb/HT5934",
			"name": "http://support.apple.com/kb/HT5934",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html",
			"name": "APPLE-SA-2013-09-18-2",
			"refsource": "APPLE",
			"tags": []
		},
		{
			"url": "http://secunia.com/advisories/54886",
			"name": "54886",
			"refsource": "SECUNIA",
			"tags": []
		},
		{
			"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
			"name": "MDVSA-2013:150",
			"refsource": "MANDRIVA",
			"tags": []
		},
		{
			"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html",
			"name": "APPLE-SA-2013-10-22-8",
			"refsource": "APPLE",
			"tags": []
		},
		{
			"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html",
			"name": "SUSE-SU-2013:1627",
			"refsource": "SUSE",
			"tags": []
		},
		{
			"url": "http://secunia.com/advisories/55568",
			"name": "55568",
			"refsource": "SECUNIA",
			"tags": []
		},
		{
			"url": "http://support.apple.com/kb/HT6001",
			"name": "http://support.apple.com/kb/HT6001",
			"refsource": "CONFIRM",
			"tags": []
		}
	],
	"impact": {
		"baseMetricV2": {
			"cvssV2": {
				"version": "2.0",
				"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
				"accessVector": "NETWORK",
				"accessComplexity": "LOW",
				"authentication": "NONE",
				"confidentialityImpact": "NONE",
				"integrityImpact": "NONE",
				"availabilityImpact": "PARTIAL",
				"baseScore": 5
			},
			"severity": "MEDIUM",
			"exploitabilityScore": 10,
			"impactScore": 2.9,
			"acInsufInfo": false,
			"obtainAllPrivilege": false,
			"obtainUserPrivilege": false,
			"obtainOtherPrivilege": false,
			"userInteractionRequired": false
		}
	},
	"problem_type": "CWE-399"
}