Discussion:
[Expat-bugs] [ expat-Bugs-3496608 ] CVE-2012-0876 - Hash DOS attack
SourceForge.net
2012-03-03 19:01:32 UTC
Permalink
Bugs item #3496608, was opened at 2012-03-03 11:01
Message generated for change (Tracker Item Submitted) made by kwaclaw
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 7
Private: No
Submitted By: Karl Waclawek (kwaclaw)
Assigned to: Karl Waclawek (kwaclaw)
Summary: CVE-2012-0876 - Hash DOS attack

Initial Comment:
The hash table implementation in Expat can be attacked by a carefully crafted input document where all identifiers hash to the same value.
This leads to a denial of service scenario by forcing hash table lookups to do linear searching.
CVE-2012-0876 (see http://http://www.cve.mitre.org) has been reserved for this issue.
Also discussed on bugs.python.org/issue13703#msg151870 .

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127
SourceForge.net
2012-03-03 19:20:16 UTC
Permalink
Bugs item #3496608, was opened at 2012-03-03 11:01
Message generated for change (Comment added) made by kwaclaw
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: Test Required
Status: Open
Resolution: Fixed
Priority: 7
Private: No
Submitted By: Karl Waclawek (kwaclaw)
Assigned to: Karl Waclawek (kwaclaw)
Summary: CVE-2012-0876 - Hash DOS attack

Initial Comment:
The hash table implementation in Expat can be attacked by a carefully crafted input document where all identifiers hash to the same value.
This leads to a denial of service scenario by forcing hash table lookups to do linear searching.
CVE-2012-0876 (see http://http://www.cve.mitre.org) has been reserved for this issue.
Also discussed on bugs.python.org/issue13703#msg151870 .

----------------------------------------------------------------------
Comment By: Karl Waclawek (kwaclaw)
Date: 2012-03-03 11:20

Message:
Fixed in expat.h rev 1.81 and xmlparse.c rev 1.168.
Thanks to David Malcolm (RedHat) for providing me with the initial version
of the patch.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127
SourceForge.net
2012-03-06 04:37:54 UTC
Permalink
Bugs item #3496608, was opened at 2012-03-03 11:01
Message generated for change (Settings changed) made by kwaclaw
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: Test Required
Status: Open
Resolution: Fixed
Priority: 7
Private: Yes
Submitted By: Karl Waclawek (kwaclaw)
Assigned to: Karl Waclawek (kwaclaw)
Summary: CVE-2012-0876 - Hash DOS attack

Initial Comment:
The hash table implementation in Expat can be attacked by a carefully crafted input document where all identifiers hash to the same value.
This leads to a denial of service scenario by forcing hash table lookups to do linear searching.
CVE-2012-0876 (see http://http://www.cve.mitre.org) has been reserved for this issue.
Also discussed on bugs.python.org/issue13703#msg151870 .

----------------------------------------------------------------------

Comment By: Karl Waclawek (kwaclaw)
Date: 2012-03-03 11:20

Message:
Fixed in expat.h rev 1.81 and xmlparse.c rev 1.168.
Thanks to David Malcolm (RedHat) for providing me with the initial version
of the patch.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127
SourceForge.net
2012-03-09 14:22:14 UTC
Permalink
Bugs item #3496608, was opened at 2012-03-03 11:01
Message generated for change (Settings changed) made by kwaclaw
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: Test Required
Status: Open
Resolution: Fixed
Priority: 7
Post by SourceForge.net
Private: No
Submitted By: Karl Waclawek (kwaclaw)
Assigned to: Karl Waclawek (kwaclaw)
Summary: CVE-2012-0876 - Hash DOS attack

Initial Comment:
The hash table implementation in Expat can be attacked by a carefully crafted input document where all identifiers hash to the same value.
This leads to a denial of service scenario by forcing hash table lookups to do linear searching.
CVE-2012-0876 (see http://http://www.cve.mitre.org) has been reserved for this issue.
Also discussed on bugs.python.org/issue13703#msg151870 .

----------------------------------------------------------------------

Comment By: Karl Waclawek (kwaclaw)
Date: 2012-03-03 11:20

Message:
Fixed in expat.h rev 1.81 and xmlparse.c rev 1.168.
Thanks to David Malcolm (RedHat) for providing me with the initial version
of the patch.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127
Loading...