Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-5300

Опубликовано: 04 июн. 2016
Источник: redhat
CVSS2: 4.3

Описание

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Directory Server 8expatUnder investigation
Red Hat Enterprise Linux 5expatWill not fix
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 5xmlrpc-cWill not fix
Red Hat Enterprise Linux 5xulrunnerNot affected
Red Hat Enterprise Linux 6compat-expat1Not affected
Red Hat Enterprise Linux 6expatWill not fix
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-331
https://bugzilla.redhat.com/show_bug.cgi?id=1343085expat: Little entropy used for hash initialization

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-5300

CVSS3: 7.5
ubuntu
больше 9 лет назад

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

nvd логотип

CVE-2016-5300

CVSS3: 7.5
nvd
больше 9 лет назад

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

debian логотип

CVE-2016-5300

CVSS3: 7.5
debian
больше 9 лет назад

The XML parser in Expat does not use sufficient entropy for hash initi ...

github логотип

GHSA-59r7-7hc4-v4rf

CVSS3: 7.5
github
больше 3 лет назад

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

suse-cvrf логотип

openSUSE-SU-2017:0483-1

suse-cvrf
почти 9 лет назад

Security update for expat

4.3 Medium

CVSS2