Denial of service vulnerability in Expat XML parser by Expat
CVE-2012-0876

Currently unrated

Key Information:

CVE Published: 3 July 2012

Summary

The Expat XML parser is vulnerable to a denial-of-service attack because of the way it computes hash values when processing XML documents. Attackers can exploit this weakness by crafting XML files that contain multiple identifiers with identical values. This can lead to predictable hash collisions, resulting in high CPU consumption and potential service interruptions. Users of Expat should upgrade to version 2.1.0 or later to mitigate this risk.
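The cost of predictable collisions, shown on a toy chained hash table as an added example (not Expat's code or its hash function): names built to collide under a fixed public hash force a quadratic number of comparisons, while a keyed hash with a per-process secret salt keeps chains short. The polynomial hash, table size and sample names are constructed for illustration.

```python
# Added illustration: toy chained hash table, NOT Expat's code or hash function.
import hashlib
import itertools
import os

BUCKETS = 256  # constructed table size


def fixed_hash(key: str) -> int:
    """Public, unkeyed polynomial hash (h = h*31 + c): collisions are predictable."""
    h = 0
    for ch in key:
        h = (h * 31 + ord(ch)) & 0xFFFFFFFF
    return h


def salted_hash(key: str, salt: bytes) -> int:
    """Keyed hash: bucket choice depends on a secret chosen at process start."""
    digest = hashlib.blake2b(key.encode(), key=salt, digest_size=8).digest()
    return int.from_bytes(digest, "big")


def insert_cost(keys, hash_fn) -> int:
    """Insert keys into a chained table; return the number of string comparisons."""
    table = [[] for _ in range(BUCKETS)]
    comparisons = 0
    for key in keys:
        chain = table[hash_fn(key) % BUCKETS]
        for existing in chain:  # duplicate check walks the chain
            comparisons += 1
            if existing == key:
                break
        else:
            chain.append(key)
    return comparisons


def colliding_names(blocks: int = 8):
    """Constructed sample: "Aa" and "BB" hash alike under fixed_hash, so every
    concatenation of `blocks` such pairs lands in the same bucket."""
    return ["".join(p) for p in itertools.product(("Aa", "BB"), repeat=blocks)]


if __name__ == "__main__":
    names = colliding_names()
    salt = os.urandom(16)  # fresh secret per process
    print("unsalted:", insert_cost(names, fixed_hash))
    print("salted:  ", insert_cost(names, lambda k: salted_hash(k, salt)))
```

With 256 distinct names the unsalted table performs 32,640 comparisons (n(n-1)/2), which is why parse time grows quadratically with the number of colliding identifiers.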
