The hash table implementation in Expat can be attacked by a carefully crafted input document where all identifiers hash to the same value.
This leads to a denial of service scenario by forcing hash table lookups to do linear searching.
CVE-2012-0876 (see http://http://www.cve.mitre.org\) has been reserved for this issue.
Also discussed on bugs.python.org/issue13703#msg151870 .
Fixed in expat.h rev 1.81 and xmlparse.c rev 1.168.
Thanks to David Malcolm (RedHat) for providing me with the initial version of the patch.
Fixed since 2.1.0, commit e3e81a6d9f0885ea02d3979151c358f314bf3d6d, closing.