Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-6702

Опубликовано: 16 июн. 2016
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Версия до 2.2.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 70%
0.00633
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

ubuntu логотип

CVE-2012-6702

CVSS3: 5.9
ubuntu
больше 9 лет назад

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

redhat логотип

CVE-2012-6702

redhat
почти 11 лет назад

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

debian логотип

CVE-2012-6702

CVSS3: 5.9
debian
больше 9 лет назад

Expat, when used in a parser that has not called XML_SetHashSalt or pa ...

github логотип

GHSA-qfwq-qvmm-7j3x

CVSS3: 5.9
github
больше 3 лет назад

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

suse-cvrf логотип

openSUSE-SU-2017:0483-1

suse-cvrf
почти 9 лет назад

Security update for expat

EPSS

Процентиль: 70%
0.00633
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-310