Hash collision vulnerability in xml-light
Bug #1186860 reported by
Christian Kuersteiner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xml-light (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
OCaml Xml-Light Library before r234 computes hash values without
restricting the ability to trigger hash collisions predictably, which
allows context-dependent attackers to cause a denial of service (CPU
consumption) via unspecified vectors.
Note:
Quantal, Raring and Saucy are already fixed.
CVE References
information type: | Private Security → Public Security |
Changed in xml-light (Ubuntu): | |
status: | New → Fix Released |
To post a comment you must log in.
Precise patch