#496 CVE-2012-0876 - Hash DOS attack

Test Required
open-fixed
Karl Waclawek
None
7
2012-03-03
2012-03-03
Karl Waclawek
No

The hash table implementation in Expat can be attacked by a carefully crafted input document where all identifiers hash to the same value.
This leads to a denial of service scenario by forcing hash table lookups to do linear searching.
CVE-2012-0876 (see http://http://www.cve.mitre.org\) has been reserved for this issue.
Also discussed on bugs.python.org/issue13703#msg151870 .

Discussion

  • Karl Waclawek
    Karl Waclawek
    2012-03-03

    Fixed in expat.h rev 1.81 and xmlparse.c rev 1.168.
    Thanks to David Malcolm (RedHat) for providing me with the initial version of the patch.

     
  • Karl Waclawek
    Karl Waclawek
    2012-03-03

    • milestone: --> Test Required
    • status: open --> open-fixed