CVE-2012-0876

Description

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.306

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.43 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.11 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.13 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.7 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.10 | Windows
Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.37 | Windows
Vulnerabilities CVE-2016-4472, CVE-2016-0718, CVE-2012-1148, CVE-2012-0876 are fixed in IBM HTTP 9.0.0.2 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.43 | Windows
Vulnerabilities CVE-2012-1148, CVE-2012-0876, CVE-2016-4472, CVE-2016-0718 are fixed in IBM WebSphere 9.0.0.2 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.11 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.13 | Windows
Multiple vulnerabilities are fixed in OS X El Capitan 10.11.2 Update | Mac
Multiple vulnerabilities are fixed in OS X Mavericks 10.9.5 Update | Mac
Multiple vulnerabilities are fixed in OS X Mavericks 10.9.5 Update (Combo) | Mac
XML parsing C library - example application (USN-1527-1) libexpat1_2.0.1-7.2ubuntu1.2_i386.deb | Linux
XML parsing C library - example application (USN-1527-1) libexpat1_2.0.1-7.2ubuntu1.2_amd64.deb | Linux
XML parsing C library - example application (USN-1527-1) lib64expat1_2.0.1-7.2ubuntu1.2_i386.deb | Linux
Lightweight RPC library based on XML and HTTP (USN-1527-2) libxmlrpc-core-c3_1.16.33-3.1ubuntu5.1_i386.deb | Linux
Lightweight RPC library based on XML and HTTP (USN-1527-2) libxmlrpc-core-c3_1.16.33-3.1ubuntu5.1_amd64.deb | Linux
(RHSA-2012:0731) Moderate: expat security update expat-1.95.8-11.el5_8.i386.rpm | Linux
(RHSA-2012:0731) Moderate: expat security update expat-1.95.8-11.el5_8.x86_64.rpm | Linux
(RHSA-2012:0731) Moderate: expat security update expat-devel-1.95.8-11.el5_8.i386.rpm | Linux
(RHSA-2012:0731) Moderate: expat security update expat-devel-1.95.8-11.el5_8.x86_64.rpm | Linux
SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) libpython3_4m1_0-3.4.10-25.39.2.x86_64.rpm | Linux
SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) libpython3_4m1_0-debuginfo-3.4.10-25.39.2.x86_64.rpm | Linux
SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-3.4.10-25.39.3.x86_64.rpm | Linux
SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-base-3.4.10-25.39.2.x86_64.rpm | Linux
SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-base-debuginfo-3.4.10-25.39.2.x86_64.rpm | Linux
SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-base-debugsource-3.4.10-25.39.2.x86_64.rpm | Linux
SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-curses-3.4.10-25.39.3.x86_64.rpm | Linux
SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-curses-debuginfo-3.4.10-25.39.3.x86_64.rpm | Linux
SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-debuginfo-3.4.10-25.39.3.x86_64.rpm | Linux
SUSE-SU-2020:0497-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-debugsource-3.4.10-25.39.3.x86_64.rpm | Linux
Uncontrolled Resource Consumption Vulnerability (CVE-2012-0876) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-600753 | OS X El Capitan 10.11.6 Update
PATCH-600222 | OS X Mavericks 10.9.5 Update
PATCH-600223 | OS X Mavericks 10.9.5 Update (Combo)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234