{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-03-04T00:00:00", "descriptions": [{"lang": "en", "value": "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-31T07:06:47", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "49504", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49504"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2016-20"}, {"name": "USN-1527-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1527-1"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.python.org/issue13703#msg151870"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT205637"}, {"name": "51040", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51040"}, {"name": "RHSA-2012:0731", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0731.html"}, {"name": "52379", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52379"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"}, {"name": "RHSA-2016:0062", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0062.html"}, {"name": "APPLE-SA-2013-10-22-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"}, {"name": "APPLE-SA-2015-12-08-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"}, {"name": "DSA-2525", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2525"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "MDVSA-2012:041", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:041"}, {"name": "RHSA-2016:2957", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"name": "USN-1613-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1613-2"}, {"name": "[Expat-discuss] 20120304 Announcement: Expat 2.1.0 Beta can be tested", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html"}, {"name": "51024", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51024"}, {"name": "USN-1613-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1613-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0876", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "49504", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49504"}, {"name": "http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127", "refsource": "CONFIRM", "url": "http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127"}, {"name": "https://www.tenable.com/security/tns-2016-20", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2016-20"}, {"name": "USN-1527-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1527-1"}, {"name": "http://bugs.python.org/issue13703#msg151870", "refsource": "MISC", "url": "http://bugs.python.org/issue13703#msg151870"}, {"name": "https://support.apple.com/HT205637", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205637"}, {"name": "51040", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51040"}, {"name": "RHSA-2012:0731", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0731.html"}, {"name": "52379", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52379"}, {"name": "http://sourceforge.net/projects/expat/files/expat/2.1.0/", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"}, {"name": "RHSA-2016:0062", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0062.html"}, {"name": "APPLE-SA-2013-10-22-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"}, {"name": "APPLE-SA-2015-12-08-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"}, {"name": "DSA-2525", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2525"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "MDVSA-2012:041", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:041"}, {"name": "RHSA-2016:2957", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"name": "USN-1613-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1613-2"}, {"name": "[Expat-discuss] 20120304 Announcement: Expat 2.1.0 Beta can be tested", "refsource": "MLIST", "url": "http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html"}, {"name": "51024", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51024"}, {"name": "USN-1613-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1613-1"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:38:15.063Z"}, "title": "CVE Program Container", "references": [{"name": "49504", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49504"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2016-20"}, {"name": "USN-1527-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1527-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.python.org/issue13703#msg151870"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT205637"}, {"name": "51040", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51040"}, {"name": "RHSA-2012:0731", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0731.html"}, {"name": "52379", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52379"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"}, {"name": "RHSA-2016:0062", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0062.html"}, {"name": "APPLE-SA-2013-10-22-3", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"}, {"name": "APPLE-SA-2015-12-08-3", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"}, {"name": "DSA-2525", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2525"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"name": "MDVSA-2012:041", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:041"}, {"name": "RHSA-2016:2957", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"name": "USN-1613-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1613-2"}, {"name": "[Expat-discuss] 20120304 Announcement: Expat 2.1.0 Beta can be tested", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html"}, {"name": "51024", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51024"}, {"name": "USN-1613-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1613-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0876", "datePublished": "2012-07-03T19:00:00", "dateReserved": "2012-01-19T00:00:00", "dateUpdated": "2024-08-06T18:38:15.063Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "matchCriteriaId": "B435E8AA-8792-4F5A-9F06-203D998E1A32", "versionEndExcluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "6229588C-F7CC-4B5B-B3EF-88B5C8DFB989", "versionEndExcluding": "2.6.8", "versionStartIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2AACE9B-4A26-436B-A75A-FE1AB98B7706", "versionEndExcluding": "2.7.3", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "4267C919-3B32-46A1-8B95-514E0B721440", "versionEndExcluding": "3.1.5", "versionStartIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1FCEF2B-A273-431E-819A-A5CE0F52A63C", "versionEndExcluding": "3.2.3", "versionStartIncluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "C0554C89-3716-49F3-BFAE-E008D5E4E29C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value."}, {"lang": "es", "value": "El analizador XML (xmlparse.c) en expat antes de v2.1.0 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash de forma predecible, lo que permite causar una denegaci\u00f3n de servicio (por consumo de CPU) a atacantes dependientes de contexto a trav\u00e9s de un archivo XML con muchos identificadores con el mismo valor."}], "id": "CVE-2012-0876", "lastModified": "2024-11-21T01:35:53.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-07-03T19:55:02.210", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://bugs.python.org/issue13703#msg151870"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0731.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0062.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/49504"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/51024"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/51040"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2525"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:041"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/52379"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1527-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1613-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1613-2"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT205637"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2016-20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://bugs.python.org/issue13703#msg151870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0731.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0062.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/49504"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/51024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/51040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2012/dsa-2525"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/52379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1527-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1613-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1613-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT205637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2016-20"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:0731", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "expat-0:1.95.8-11.el5_8", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-06-13T00:00:00Z"}, {"advisory": "RHSA-2012:0731", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "expat-0:2.0.1-11.el6_2", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-06-13T00:00:00Z"}, {"advisory": "RHSA-2017:3239", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4", "release_date": "2017-11-16T00:00:00Z"}, {"advisory": "RHSA-2016:0062", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1", "package": "expat", "product_name": "Red Hat JBoss Web Server 2.1", "release_date": "2016-01-21T00:00:00Z"}, {"advisory": "RHSA-2016:2957", "cpe": "cpe:/a:redhat:jboss_core_services:1", "product_name": "Text-Only JBCS", "release_date": "2016-12-15T00:00:00Z"}], "bugzilla": {"description": "expat: hash table collisions CPU usage DoS", "id": "786617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=786617"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-407", "details": ["The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.", "A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions."], "name": "CVE-2012-0876", "package_state": [{"cpe": "cpe:/a:redhat:certificate_system:7.3", "fix_state": "Will not fix", "package_name": "expat", "product_name": "Red Hat Certificate System 7.3"}, {"cpe": "cpe:/a:redhat:directory_server:8", "fix_state": "Affected", "package_name": "expat", "product_name": "Red Hat Directory Server 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "xmlrpc-c", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "compat-expat1", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "mingw32-expat", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Affected", "package_name": "expat", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3.z"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Affected", "package_name": "expat", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4.0"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Affected", "package_name": "expat", "product_name": "Red Hat JBoss Enterprise Web Server 3"}, {"cpe": "cpe:/a:redhat:rhev_manager:", "fix_state": "Affected", "package_name": "spice-client-win", "product_name": "RHEV Manager"}], "public_date": "2012-03-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-0876\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-0876"], "threat_severity": "Moderate", "upstream_fix": "expat 2.1.0"}