SourceForge.net
2012-03-03 19:01:32 UTC
Bugs item #3496608, was opened at 2012-03-03 11:01
Message generated for change (Tracker Item Submitted) made by kwaclaw
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 7
Private: No
Submitted By: Karl Waclawek (kwaclaw)
Assigned to: Karl Waclawek (kwaclaw)
Summary: CVE-2012-0876 - Hash DOS attack
Initial Comment:
The hash table implementation in Expat can be attacked by a carefully crafted input document where all identifiers hash to the same value.
This leads to a denial of service scenario by forcing hash table lookups to do linear searching.
CVE-2012-0876 (see http://http://www.cve.mitre.org) has been reserved for this issue.
Also discussed on bugs.python.org/issue13703#msg151870 .
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127
Message generated for change (Tracker Item Submitted) made by kwaclaw
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 7
Private: No
Submitted By: Karl Waclawek (kwaclaw)
Assigned to: Karl Waclawek (kwaclaw)
Summary: CVE-2012-0876 - Hash DOS attack
Initial Comment:
The hash table implementation in Expat can be attacked by a carefully crafted input document where all identifiers hash to the same value.
This leads to a denial of service scenario by forcing hash table lookups to do linear searching.
CVE-2012-0876 (see http://http://www.cve.mitre.org) has been reserved for this issue.
Also discussed on bugs.python.org/issue13703#msg151870 .
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127