CVE-2012-0876

EPSS 0.17%

expat - several

Published: 7/3/2012Modified: 4/28/2026

Also known as:DEBIAN-CVE-2012-0876

Description

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Affected packages (4)

Debian/expatfrom 0, < 2.1.0~beta3-1
Debian/expatfrom 0, < 2.0.1-7+squeeze1
Debian/libxmltokfrom 0
Debian/xmlrpc-cfrom 0, < 1.16.33-3.2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-0876