Описание
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Certificate System 7.3 | expat | Will not fix | ||
| Red Hat Directory Server 8 | expat | Affected | ||
| Red Hat Enterprise Linux 4 | expat | Will not fix | ||
| Red Hat Enterprise Linux 5 | xmlrpc-c | Will not fix | ||
| Red Hat Enterprise Linux 6 | compat-expat1 | Will not fix | ||
| Red Hat Enterprise Linux 6 | mingw32-expat | Affected | ||
| Red Hat JBoss Enterprise Application Platform 6.3.z | expat | Affected | ||
| Red Hat JBoss Enterprise Application Platform 6.4.0 | expat | Affected | ||
| Red Hat JBoss Enterprise Web Server 3 | expat | Affected | ||
| RHEV Manager | spice-client-win | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values ...
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
EPSS
5 Medium
CVSS2