CVE-2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846
http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
http://rhn.redhat.com/errata/RHSA-2012-0324.html
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://secunia.com/advisories/54886
http://secunia.com/advisories/55568
http://securitytracker.com/id?1026723
http://support.apple.com/kb/HT5934
http://support.apple.com/kb/HT6001
http://www.debian.org/security/2012/dsa-2417
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.openwall.com/lists/oss-security/2012/02/22/1
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.securityfocus.com/bid/52107 Patch
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
http://xmlsoft.org/news.html
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846
http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
http://rhn.redhat.com/errata/RHSA-2012-0324.html
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://secunia.com/advisories/54886
http://secunia.com/advisories/55568
http://securitytracker.com/id?1026723
http://support.apple.com/kb/HT5934
http://support.apple.com/kb/HT6001
http://www.debian.org/security/2012/dsa-2417
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.openwall.com/lists/oss-security/2012/02/22/1
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.securityfocus.com/bid/52107 Patch
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
http://xmlsoft.org/news.html
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.13:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.14:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.16:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.13:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.13:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.14:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.15:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.16:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.17:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.18:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.20:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.21:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.22:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.24:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.25:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.26:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.27:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.28:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.29:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.30:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.21:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.23:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.24:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.25:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.28:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.29:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.31:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*

History

21 Nov 2024, 01:35

Type Values Removed Values Added
References () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846 - () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846 -
References () http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a - () http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a -
References () http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html - () http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html -
References () http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html - () http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html -
References () http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html - () http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html -
References () http://rhn.redhat.com/errata/RHSA-2012-0324.html - () http://rhn.redhat.com/errata/RHSA-2012-0324.html -
References () http://rhn.redhat.com/errata/RHSA-2013-0217.html - () http://rhn.redhat.com/errata/RHSA-2013-0217.html -
References () http://secunia.com/advisories/54886 - () http://secunia.com/advisories/54886 -
References () http://secunia.com/advisories/55568 - () http://secunia.com/advisories/55568 -
References () http://securitytracker.com/id?1026723 - () http://securitytracker.com/id?1026723 -
References () http://support.apple.com/kb/HT5934 - () http://support.apple.com/kb/HT5934 -
References () http://support.apple.com/kb/HT6001 - () http://support.apple.com/kb/HT6001 -
References () http://www.debian.org/security/2012/dsa-2417 - () http://www.debian.org/security/2012/dsa-2417 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 - () http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 -
References () http://www.openwall.com/lists/oss-security/2012/02/22/1 - () http://www.openwall.com/lists/oss-security/2012/02/22/1 -
References () http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html - () http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html -
References () http://www.securityfocus.com/bid/52107 - Patch () http://www.securityfocus.com/bid/52107 - Patch
References () http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf - () http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf -
References () http://xmlsoft.org/news.html - () http://xmlsoft.org/news.html -
References () https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of - () https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of -

Information

Published : 2012-12-21 05:46

Updated : 2024-11-21 01:35


NVD link : CVE-2012-0841

Mitre link : CVE-2012-0841

CVE.ORG link : CVE-2012-0841


JSON object : View

Products Affected

xmlsoft

  • libxml2

apple

  • iphone_os
CWE
CWE-399

Resource Management Errors