Expat XML Parser / Bugs / #496 CVE-2012-0876

#496 CVE-2012-0876 - Hash DOS attack

Milestone: Test Required

Status: closed-fixed

Owner: Karl Waclawek

Labels: None

Priority: 7

Updated: 2016-03-12

Created: 2012-03-03

Creator: Karl Waclawek

Private: No

The hash table implementation in Expat can be attacked by a carefully crafted input document where all identifiers hash to the same value.
This leads to a denial of service scenario by forcing hash table lookups to do linear searching.
CVE-2012-0876 (see http://http://www.cve.mitre.org\) has been reserved for this issue.
Also discussed on bugs.python.org/issue13703#msg151870 .

Discussion

Karl Waclawek - 2012-03-03

Fixed in expat.h rev 1.81 and xmlparse.c rev 1.168.
Thanks to David Malcolm (RedHat) for providing me with the initial version of the patch.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Karl Waclawek - 2012-03-03

milestone: --> Test Required

status: open --> open-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Sebastian Pipping - 2016-03-12

status: open-fixed --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Sebastian Pipping - 2016-03-12

Fixed since 2.1.0, commit e3e81a6d9f0885ea02d3979151c358f314bf3d6d, closing.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CVE-2012-0876 - Hash DOS attack

Fast XML parser library in C

Group

Searches

Help

#496 CVE-2012-0876 - Hash DOS attack

Discussion