Description

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Remediation

References

CVE-2012-0876

Related Vulnerabilities

Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16358)

Oracle Database Server Other Vulnerability (CVE-2005-1197)

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25)

PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7272)

MySQL CVE-2019-2993 Vulnerability (CVE-2019-2993)

Severity

Medium

Classification

CVE-2012-0876 CWE-400

Tags

Missing Update Known Vulnerabilities