CVE-2012-0876

{"id": "CVE-2012-0876", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-07-03T19:55:02.210", "references": [{"url": "http://bugs.python.org/issue13703#msg151870", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", "tags": ["Broken Link", "Mailing List"], "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", "tags": ["Broken Link", "Mailing List"], "source": "secalert@redhat.com"}, {"url": "http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0731.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0062.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/49504", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51024", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51040", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/", "tags": ["Release Notes", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2012/dsa-2525", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:041", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/52379", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1527-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1613-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1613-2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://support.apple.com/HT205637", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.tenable.com/security/tns-2016-20", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value."}, {"lang": "es", "value": "El analizador XML (xmlparse.c) en expat antes de v2.1.0 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash de forma predecible, lo que permite causar una denegaci\u00f3n de servicio (por consumo de CPU) a atacantes dependientes de contexto a trav\u00e9s de un archivo XML con muchos identificadores con el mismo valor."}], "lastModified": "2022-08-05T14:52:31.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B435E8AA-8792-4F5A-9F06-203D998E1A32", "versionEndExcluding": "2.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6229588C-F7CC-4B5B-B3EF-88B5C8DFB989", "versionEndExcluding": "2.6.8", "versionStartIncluding": "2.6.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2AACE9B-4A26-436B-A75A-FE1AB98B7706", "versionEndExcluding": "2.7.3", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4267C919-3B32-46A1-8B95-514E0B721440", "versionEndExcluding": "3.1.5", "versionStartIncluding": "3.1.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1FCEF2B-A273-431E-819A-A5CE0F52A63C", "versionEndExcluding": "3.2.3", "versionStartIncluding": "3.2.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0554C89-3716-49F3-BFAE-E008D5E4E29C"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}