
List:       oss-security
Subject:    [oss-security] libxml2: hash table collisions CPU usage DoS
From:       Huzaifa Sidhpurwala <huzaifas () redhat ! com>
Date:       2012-02-22 5:56:36
Message-ID: 4F4480C4.90606 () redhat ! com

Juraj Somorovsky reported that certain XML parsers/servers are affected 
by the same, or similar, flaw as the hash table collisions CPU usage 
denial of service.  Sending a specially crafted message to an XML 
service can result in longer processing time, which could lead to a 
denial of service.  It is reported that this attack on XML can be 
applied on different XML nodes (such as entities, element attributes, 
namespaces, various elements in the XML security, etc.).

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=787067
https://rhn.redhat.com/errata/RHSA-2012-0324.html

Patch:
http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a

This has been assigned CVE-2012-0841.


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team