Bug 787067 - (CVE-2012-0841) CVE-2012-0841 libxml2: hash table collisions CPU usage DoS
CVE-2012-0841 libxml2: hash table collisions CPU usage DoS
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20120221,repor...
: Security
Depends On: 788843 788844 788845 788846 788847 788848 795698 795699 795700 810940 891477 891478 1206463
Blocks: hashdos/oCERT-2011-003 782164 788255 891480
  Show dependency treegraph
 
Reported: 2012-02-02 23:55 EST by Kurt Seifried
Modified: 2016-04-26 11:50 EDT (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-01-16 23:43:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Kurt Seifried 2012-02-02 23:55:24 EST
Juraj Somorovsky and Christopher Meyer reported that certain XML parsers/servers are affected by the same, or similar, flaw as the hash table collisions CPU usage denial of service.  Sending a specially crafted message to an XML service can result in longer processing time, which could lead to a denial of service.  It is reported that this attack on XML can be applied on different XML nodes (such as entities, element attributes, namespaces, various elements in the XML security, etc.).

libxml2 is written in C and makes significant use of arrays. I will contact 
upstream to make them aware of this issue.
Comment 16 Huzaifa S. Sidhpurwala 2012-02-21 05:20:17 EST
This is now public via:

http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
Comment 17 Huzaifa S. Sidhpurwala 2012-02-21 05:26:18 EST
Created libxml2 tracking bugs for this issue

Affects: fedora-all [bug 795698]
Comment 18 Huzaifa S. Sidhpurwala 2012-02-21 05:26:22 EST
Created mingw32-libxml2 tracking bugs for this issue

Affects: fedora-all [bug 795699]
Affects: epel-5 [bug 795700]
Comment 19 errata-xmlrpc 2012-02-21 17:29:44 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:0324 https://rhn.redhat.com/errata/RHSA-2012-0324.html
Comment 21 Huzaifa S. Sidhpurwala 2012-02-28 00:49:01 EST
Statement:

(none)
Comment 24 errata-xmlrpc 2013-01-31 14:33:29 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0217 https://rhn.redhat.com/errata/RHSA-2013-0217.html

Note You need to log in before you can comment on or make changes to this bug.