Description

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Remediation

References

CVE-2012-0876

Related Vulnerabilities

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1648)

OpenSSL Resource Management Errors Vulnerability (CVE-2011-4577)

Oracle JRE CVE-2013-2407 Vulnerability (CVE-2013-2407)

MySQL CVE-2018-2590 Vulnerability (CVE-2018-2590)

WordPress Plugin AB Press Optimizer Multiple Cross-Site Scripting Vulnerabilities (1.1.1)

Severity

Medium

Classification

CVE-2012-0876 CWE-400

Tags

Missing Update Known Vulnerabilities