Computer Security
[EN] securityvulns.ru no-pyccku


expat security vulnerability
Published:02.04.2012
Source:
SecurityVulns ID:12304
Type:library
Threat Level:
5/10
Description:Memory leaks, predictable hash function.
Affected:EXPAT : expat 2.0
CVE:CVE-2012-1148 (Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.)
 CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.)
Original documentdocumentMANDRIVA, [ MDVSA-2012:041 ] expat (02.04.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod