Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-3514

OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors.

Related bugs and status

CVE-2012-3514 (Candidate) is related to these bugs:

Bug #1063101: Sync xml-light 2.2-15 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1063101	Sync xml-light 2.2-15 (universe) from Debian unstable (main)		xml-light (Ubuntu)	Undecided	Fix Released

Bug #1186860: Hash collision vulnerability in xml-light

		In	Importance	Status
1186860	Hash collision vulnerability in xml-light	xml-light (Ubuntu)	Undecided	Fix Released
1186860	Hash collision vulnerability in xml-light	xml-light (Ubuntu Lucid)	Undecided	Fix Released
1186860	Hash collision vulnerability in xml-light	xml-light (Ubuntu Precise)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.mandriva.co...
MISC: http://www.openwall.co...
MISC: https://wiki.mageia.or...