Bug 787067 (CVE-2012-0841)

Summary: CVE-2012-0841 libxml2: hash table collisions CPU usage DoS
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: apevec, cpelland, fedora-mingw, jrusnack, lfarkas, mburns, mmcgrath, ohudlick, rbalakri, rjones, security-response-team, veillard
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20120221,reported=20120116,source=researcher,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,rhel-4/libxml2=affected,rhel-5/libxml2=affected,rhel-6/libxml2=affected,rhel-6/mingw32-libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw32-libxml2=affected,epel-5/mingw32-libxml2=affected,cwe=CWE-407
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-17 04:43:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 788843, 788844, 788845, 788846, 788847, 788848, 795698, 795699, 795700, 810940, 891477, 891478, 1206463    
Bug Blocks: 770929, 782164, 788255, 891480    

Description Kurt Seifried 2012-02-03 04:55:24 UTC
Juraj Somorovsky and Christopher Meyer reported that certain XML parsers/servers are affected by the same, or similar, flaw as the hash table collisions CPU usage denial of service.  Sending a specially crafted message to an XML service can result in longer processing time, which could lead to a denial of service.  It is reported that this attack on XML can be applied on different XML nodes (such as entities, element attributes, namespaces, various elements in the XML security, etc.).

libxml2 is written in C and makes significant use of arrays. I will contact 
upstream to make them aware of this issue.

Comment 16 Huzaifa S. Sidhpurwala 2012-02-21 10:20:17 UTC
This is now public via:

http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a

Comment 17 Huzaifa S. Sidhpurwala 2012-02-21 10:26:18 UTC
Created libxml2 tracking bugs for this issue

Affects: fedora-all [bug 795698]

Comment 18 Huzaifa S. Sidhpurwala 2012-02-21 10:26:22 UTC
Created mingw32-libxml2 tracking bugs for this issue

Affects: fedora-all [bug 795699]
Affects: epel-5 [bug 795700]

Comment 19 errata-xmlrpc 2012-02-21 22:29:44 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:0324 https://rhn.redhat.com/errata/RHSA-2012-0324.html

Comment 21 Huzaifa S. Sidhpurwala 2012-02-28 05:49:01 UTC
Statement:

(none)

Comment 24 errata-xmlrpc 2013-01-31 19:33:29 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0217 https://rhn.redhat.com/errata/RHSA-2013-0217.html