Back to bug 786617
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Vincent Danen | 2012-02-01 22:33:15 UTC | CC | jorton | |
| Vincent Danen | 2012-02-01 22:36:22 UTC | CC | dmalcolm | |
| | | Blocks | 782164 | |
| Vincent Danen | 2012-02-01 22:57:37 UTC | Blocks | 770929 | |
| Kurt Seifried | 2012-02-21 23:55:52 UTC | Summary | EMBARGOED expat: hash table collisions CPU usage DoS (oCERT-2011-003) | EMBARGOED CVE-2012-087 expat: hash table collisions CPU usage DoS (oCERT-2011-003) |
| | | Alias | CVE-2012-087 | |
| Kurt Seifried | 2012-02-21 23:58:54 UTC | Whiteboard | impact=moderate,public=no,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-6/expat=affected,rhel-5/expat=affected,fedora-all/expat=affected | impact=moderate,public=no,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=affected,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,certificate_system_7.3/expat=affected,directory_server_8/expat=affected rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected,fedora-all/mingw32-expat=affected,rhel-6/mingw32-expat=affected,epel-5/mingw32-expat=affected |
| Kurt Seifried | 2012-02-21 23:59:26 UTC | CC | kseifried | |
| Kurt Seifried | 2012-02-22 00:32:47 UTC | Summary | EMBARGOED CVE-2012-087 expat: hash table collisions CPU usage DoS (oCERT-2011-003) | EMBARGOED CVE-2012-0876 expat: hash table collisions CPU usage DoS (oCERT-2011-003) |
| | | Alias | CVE-2012-087 | CVE-2012-0876 |
| Tomas Hoger | 2012-03-06 15:36:56 UTC | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2012-0876 expat: hash table collisions CPU usage DoS (oCERT-2011-003) | CVE-2012-0876 expat: hash table collisions CPU usage DoS |
| | | Whiteboard | impact=moderate,public=no,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=affected,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,certificate_system_7.3/expat=affected,directory_server_8/expat=affected rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected,fedora-all/mingw32-expat=affected,rhel-6/mingw32-expat=affected,epel-5/mingw32-expat=affected | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=affected,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,certificate_system_7.3/expat=affected directory_server_8/expat=affected,rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected,fedora-all/mingw32-expat=affected,rhel-6/mingw32-expat=affected,epel-5/mingw32-expat=affected |
| Tomas Hoger | 2012-03-06 15:40:01 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=affected,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,certificate_system_7.3/expat=affected directory_server_8/expat=affected,rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected,fedora-all/mingw32-expat=affected,rhel-6/mingw32-expat=affected,epel-5/mingw32-expat=affected | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected |
| Kurt Seifried | 2012-03-09 05:25:49 UTC | Blocks | 801654 | |
| Joe Orton | 2012-03-30 23:53:10 UTC | CC | ddumas, rvokal | |
| Kurt Seifried | 2012-04-06 05:41:29 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-express-1/expat=affected |
| Kurt Seifried | 2012-04-06 05:41:39 UTC | CC | tkramer | |
| Kurt Seifried | 2012-04-12 05:21:59 UTC | Depends On | 811830 | |
| Kurt Seifried | 2012-04-12 05:22:07 UTC | Depends On | 811831 | |
| Kurt Seifried | 2012-04-12 05:22:18 UTC | Depends On | 811832 | |
| Kurt Seifried | 2012-04-12 05:22:27 UTC | Depends On | 811833 | |
| Kurt Seifried | 2012-04-12 05:22:37 UTC | Depends On | 811834 | |
| Kurt Seifried | 2012-04-12 05:22:46 UTC | Depends On | 811835 | |
| Kurt Seifried | 2012-04-12 05:22:56 UTC | Depends On | 811836 | |
| Kurt Seifried | 2012-04-12 05:23:05 UTC | Depends On | 811837 | |
| Kurt Seifried | 2012-04-13 01:36:14 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-express-1/expat=affected | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-express-1/expat=affected,rhev-h/expat=affected |
| Kurt Seifried | 2012-04-13 01:36:22 UTC | CC | acathrow, apevec, cpelland, mburns, pmyers | |
| Kurt Seifried | 2012-04-13 01:54:36 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-express-1/expat=affected,rhev-h/expat=affected | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-express-1/expat=affected,rhev-h/expat=affected rhev-m/spice-client-win=affected |
| Kurt Seifried | 2012-04-13 01:54:45 UTC | CC | bazulay, dblechte, dyasny, iheim, uril, ykaul | |
| Joe Orton | 2012-04-13 10:36:59 UTC | Status | NEW | MODIFIED |
| Joe Orton | 2012-04-13 10:47:41 UTC | Fixed In Version | compat-expat1-1.95.8-9.el6_3 | |
| Joe Orton | 2012-04-13 10:50:00 UTC | Status | MODIFIED | ASSIGNED |
| Tomas Hoger | 2012-04-13 11:19:38 UTC | Status | ASSIGNED | NEW |
| | | Fixed In Version | compat-expat1-1.95.8-9.el6_3 | |
| Dave Malcolm | 2012-04-17 17:29:20 UTC | Flags | needinfo?(jorton) | |
| Tomas Hoger | 2012-04-27 16:15:05 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=affected,fedora-all/compat-expat1=affected certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-express-1/expat=affected,rhev-h/expat=affected rhev-m/spice-client-win=affected | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-express-1/expat=affected,rhev-m/spice-client-win=affected |
| Tomas Hoger | 2012-04-27 16:15:37 UTC | CC | cfergeau | |
| Tomas Hoger | 2012-05-07 10:08:19 UTC | Flags | needinfo?(jorton) | needinfo?(dmalcolm) |
| Kurt Seifried | 2012-05-08 16:22:16 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-express-1/expat=affected,rhev-m/spice-client-win=affected | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-1/expat=affected,rhev-m/spice-client-win=affected |
| Petr Šplíchal | 2012-05-15 06:50:11 UTC | CC | psplicha | |
| Dave Malcolm | 2012-05-24 20:54:31 UTC | Flags | needinfo?(dmalcolm) | |
| Simon Green | 2013-07-02 07:30:10 UTC | CC | dyasny | |
| Simon Green | 2013-07-04 03:28:26 UTC | CC | ykaul | jkt |
| Jan Lieskovsky | 2013-07-09 10:02:55 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-1/expat=affected,rhev-m/spice-client-win=affected | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-1/expat=affected,rhev-m/spice-client-win=affected,rhel-7/compat-expat1=affected,fedora-all/compat-expat1=affected |
| Jan Lieskovsky | 2013-07-09 10:03:49 UTC | CC | alee, awnuk, ccoleman, cfu, dmcphers, erik-fedora, idith, jialiu, jmagne, ktietz, lmeyer, mharmsen, rjones, rmeggins, seceng-idm-qe-list, ykaul | |
| Jan Lieskovsky | 2013-07-09 10:08:44 UTC | Depends On | 982563 | |
| Jan Lieskovsky | 2013-07-09 10:14:17 UTC | Depends On | 982566 | |
| John Skeoch | 2013-11-27 23:53:16 UTC | CC | idith | |
| John Skeoch | 2014-03-17 01:36:47 UTC | CC | awnuk | dpal |
| John Skeoch | 2014-06-18 07:57:56 UTC | CC | tkramer | mmcgrath |
| Tomas Hoger | 2014-07-21 21:49:12 UTC | Fixed In Version | expat 2.1.0 | |
| Tomas Hoger | 2014-07-22 12:55:51 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,certificate_system_7.3/expat=affected,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,openshift-1/expat=affected,rhev-m/spice-client-win=affected,rhel-7/compat-expat1=affected,fedora-all/compat-expat1=affected | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=affected |
| Tomas Hoger | 2014-07-22 12:56:13 UTC | CC | bmcclain, ecohen, gklein, idith, lsurette, mizdebsk, rh-spice-bugs, yeylon | |
| Tomas Hoger | 2014-07-22 13:07:50 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=affected | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix |
| Tomas Hoger | 2014-07-22 13:32:08 UTC | Link ID | Mozilla Foundation 741713 | |
| John Skeoch | 2014-09-07 22:58:05 UTC | CC | acathrow | rbalakri |
| Ján Rusnačko | 2014-11-21 08:37:24 UTC | CC | jrusnack | |
| | | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,cwe=CWE-407 |
| John Skeoch | 2015-01-07 23:23:25 UTC | CC | jkt | bsettle |
| Kurt Seifried | 2015-01-17 04:42:21 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2015-01-16 23:42:21 UTC | |
| Arun Babu Neelicattu | 2015-02-10 06:30:48 UTC | CC | jclere | |
| Timothy Walsh | 2015-03-10 05:40:22 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,cwe=CWE-407 | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-407,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,jbews-3/expat=affected,eap-6.4.0/expat=affected,eap-6.3.z/expat=affected |
| Timothy Walsh | 2015-03-10 05:40:47 UTC | CC | acathrow, alonbl, cdewolf, dandread, darran.lofthouse, dknox, jason.greene, jawilson, jdoyle, kkhan, lgao, michal.skrivanek, myarboro, pgier, pslavice, rsvoboda, twalsh, vtunka, weli | |
| Timothy Walsh | 2015-03-10 10:08:55 UTC | Depends On | 1200324 | |
| Timothy Walsh | 2015-03-10 10:09:23 UTC | Depends On | 1200326 | |
| Timothy Walsh | 2015-07-01 11:26:27 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-407,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,jbews-3/expat=affected,eap-6.4.0/expat=affected,eap-6.3.z/expat=affected | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-407,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,jbews-3/expat=affected,jbews-2/expat=affected,eap-6.4.0/expat=affected,eap-6.3.z/expat=affected |
| Timothy Walsh | 2015-07-01 11:26:56 UTC | CC | jboss-set | |
| Timothy Walsh | 2015-07-01 11:28:16 UTC | Depends On | 1238184 | |
| Timothy Walsh | 2015-07-01 11:56:45 UTC | Doc Text | It was discovered that a specially-crafted set of keys could trigger hash function collisions, which degrade dictionary performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using meet in the middle attack. | |
| Martin Prpič | 2015-07-07 15:36:47 UTC | Doc Text | It was discovered that a specially-crafted set of keys could trigger hash function collisions, which degrade dictionary performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using meet in the middle attack. | A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. |
| Radim Hatlapatka | 2015-07-30 15:07:53 UTC | CC | rhatlapa | |
| Adam Mariš | 2015-07-31 15:08:59 UTC | CC | amaris | |
| | | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=rt,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-407,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,jbews-3/expat=affected,jbews-2/expat=affected,eap-6.4.0/expat=affected,eap-6.3.z/expat=affected | impact=moderate,public=20120303,reported=20120116,source=customer,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-407,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,jbews-3/expat=affected,jbews-2/expat=affected,eap-6.4.0/expat=affected,eap-6.3.z/expat=affected |
| Vincent Danen | 2015-10-15 21:21:45 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=customer,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-407,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,jbews-3/expat=affected,jbews-2/expat=affected,eap-6.4.0/expat=affected,eap-6.3.z/expat=affected | impact=moderate,public=20120303,reported=20120116,source=customer,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-407,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=notaffected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,jbews-3/expat=affected,jbews-2/expat=affected,eap-6.4.0/expat=affected,eap-6.3.z/expat=affected |
| Ján Rusnačko | 2015-11-24 14:55:11 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=customer,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-407,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=notaffected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,jbews-3/expat=affected,jbews-2/expat=affected,eap-6.4.0/expat=affected,eap-6.3.z/expat=affected | impact=moderate,public=20120303,reported=20120116,source=customer,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-407,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,jbews-3/expat=affected,jbews-2/expat=affected,eap-6.4.0/expat=affected,eap-6.3.z/expat=affected |
| Timothy Walsh | 2015-11-30 11:14:17 UTC | Blocks | 1286624 | |
| Chess Hazlett | 2016-01-21 16:09:51 UTC | CC | chazlett | |
| Perry Myers | 2016-04-26 20:23:10 UTC | CC | pmyers | |
| Adam Mariš | 2016-11-08 15:57:06 UTC | CC | amaris | |
| Product Security DevOps Team | 2019-09-29 12:50:14 UTC | Whiteboard | impact=moderate,public=20120303,reported=20120116,source=customer,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-407,rhel-4/expat=wontfix,rhel-5/expat=affected,rhel-6/expat=affected,fedora-all/expat=affected,rhel-6/compat-expat1=wontfix,fedora-all/compat-expat1=affected,certificate_system_7.3/expat=wontfix,directory_server_8/expat=affected,rhel-6/mingw32-expat=affected,fedora-all/mingw32-expat=affected,epel-5/mingw32-expat=affected,rhev-m/spice-client-win=affected,rhel-5/xmlrpc-c=wontfix,jbews-3/expat=affected,jbews-2/expat=affected,eap-6.4.0/expat=affected,eap-6.3.z/expat=affected |