Lucene search
RedhatCVE-2012-0841HistoryDec 21, 2012 - 5:46 a.m.
CVE-2012-0841
2012-12-2105:46:14
CWE-399
redhat
web.nvd.nist.gov
60
libxml2
cve-2012-0841
hash collision
vulnerability
nvd
denial of service
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.9
Confidence
High
EPSS
0.009
Percentile
82.9%
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
Affected configurations
Node
xmlsoftlibxml2Range≤2.7.8
ORxmlsoftlibxml2Match1.7.0
ORxmlsoftlibxml2Match1.7.1
ORxmlsoftlibxml2Match1.7.2
ORxmlsoftlibxml2Match1.7.3
ORxmlsoftlibxml2Match1.7.4
ORxmlsoftlibxml2Match1.8.0
ORxmlsoftlibxml2Match1.8.1
ORxmlsoftlibxml2Match1.8.2
ORxmlsoftlibxml2Match1.8.3
ORxmlsoftlibxml2Match1.8.4
ORxmlsoftlibxml2Match1.8.5
ORxmlsoftlibxml2Match1.8.6
ORxmlsoftlibxml2Match1.8.7
ORxmlsoftlibxml2Match1.8.9
ORxmlsoftlibxml2Match1.8.10
ORxmlsoftlibxml2Match1.8.13
ORxmlsoftlibxml2Match1.8.14
ORxmlsoftlibxml2Match1.8.16
ORxmlsoftlibxml2Match2.0.0
ORxmlsoftlibxml2Match2.1.0
ORxmlsoftlibxml2Match2.1.1
ORxmlsoftlibxml2Match2.2.0
ORxmlsoftlibxml2Match2.2.0beta
ORxmlsoftlibxml2Match2.2.1
ORxmlsoftlibxml2Match2.2.2
ORxmlsoftlibxml2Match2.2.3
ORxmlsoftlibxml2Match2.2.4
ORxmlsoftlibxml2Match2.2.5
ORxmlsoftlibxml2Match2.2.6
ORxmlsoftlibxml2Match2.2.7
ORxmlsoftlibxml2Match2.2.8
ORxmlsoftlibxml2Match2.2.9
ORxmlsoftlibxml2Match2.2.10
ORxmlsoftlibxml2Match2.2.11
ORxmlsoftlibxml2Match2.3.0
ORxmlsoftlibxml2Match2.3.1
ORxmlsoftlibxml2Match2.3.2
ORxmlsoftlibxml2Match2.3.3
ORxmlsoftlibxml2Match2.3.4
ORxmlsoftlibxml2Match2.3.5
ORxmlsoftlibxml2Match2.3.6
ORxmlsoftlibxml2Match2.3.7
ORxmlsoftlibxml2Match2.3.8
ORxmlsoftlibxml2Match2.3.9
ORxmlsoftlibxml2Match2.3.10
ORxmlsoftlibxml2Match2.3.11
ORxmlsoftlibxml2Match2.3.12
ORxmlsoftlibxml2Match2.3.13
ORxmlsoftlibxml2Match2.3.14
ORxmlsoftlibxml2Match2.4.1
ORxmlsoftlibxml2Match2.4.2
ORxmlsoftlibxml2Match2.4.3
ORxmlsoftlibxml2Match2.4.4
ORxmlsoftlibxml2Match2.4.5
ORxmlsoftlibxml2Match2.4.6
ORxmlsoftlibxml2Match2.4.7
ORxmlsoftlibxml2Match2.4.8
ORxmlsoftlibxml2Match2.4.9
ORxmlsoftlibxml2Match2.4.10
ORxmlsoftlibxml2Match2.4.11
ORxmlsoftlibxml2Match2.4.12
ORxmlsoftlibxml2Match2.4.13
ORxmlsoftlibxml2Match2.4.14
ORxmlsoftlibxml2Match2.4.15
ORxmlsoftlibxml2Match2.4.16
ORxmlsoftlibxml2Match2.4.17
ORxmlsoftlibxml2Match2.4.18
ORxmlsoftlibxml2Match2.4.19
ORxmlsoftlibxml2Match2.4.20
ORxmlsoftlibxml2Match2.4.21
ORxmlsoftlibxml2Match2.4.22
ORxmlsoftlibxml2Match2.4.23
ORxmlsoftlibxml2Match2.4.24
ORxmlsoftlibxml2Match2.4.25
ORxmlsoftlibxml2Match2.4.26
ORxmlsoftlibxml2Match2.4.27
ORxmlsoftlibxml2Match2.4.28
ORxmlsoftlibxml2Match2.4.29
ORxmlsoftlibxml2Match2.4.30
ORxmlsoftlibxml2Match2.5.0
ORxmlsoftlibxml2Match2.5.4
ORxmlsoftlibxml2Match2.5.7
ORxmlsoftlibxml2Match2.5.8
ORxmlsoftlibxml2Match2.5.10
ORxmlsoftlibxml2Match2.5.11
ORxmlsoftlibxml2Match2.6.0
ORxmlsoftlibxml2Match2.6.1
ORxmlsoftlibxml2Match2.6.2
ORxmlsoftlibxml2Match2.6.3
ORxmlsoftlibxml2Match2.6.4
ORxmlsoftlibxml2Match2.6.5
ORxmlsoftlibxml2Match2.6.6
ORxmlsoftlibxml2Match2.6.7
ORxmlsoftlibxml2Match2.6.8
ORxmlsoftlibxml2Match2.6.9
ORxmlsoftlibxml2Match2.6.11
ORxmlsoftlibxml2Match2.6.12
ORxmlsoftlibxml2Match2.6.13
ORxmlsoftlibxml2Match2.6.14
ORxmlsoftlibxml2Match2.6.16
ORxmlsoftlibxml2Match2.6.17
ORxmlsoftlibxml2Match2.6.18
ORxmlsoftlibxml2Match2.6.20
ORxmlsoftlibxml2Match2.6.21
ORxmlsoftlibxml2Match2.6.22
ORxmlsoftlibxml2Match2.6.23
ORxmlsoftlibxml2Match2.6.24
ORxmlsoftlibxml2Match2.6.25
ORxmlsoftlibxml2Match2.6.26
ORxmlsoftlibxml2Match2.6.27
ORxmlsoftlibxml2Match2.6.28
ORxmlsoftlibxml2Match2.6.29
ORxmlsoftlibxml2Match2.6.30
ORxmlsoftlibxml2Match2.6.31
ORxmlsoftlibxml2Match2.6.32
ORxmlsoftlibxml2Match2.7.0
ORxmlsoftlibxml2Match2.7.1
ORxmlsoftlibxml2Match2.7.2
ORxmlsoftlibxml2Match2.7.3
ORxmlsoftlibxml2Match2.7.4
ORxmlsoftlibxml2Match2.7.5
ORxmlsoftlibxml2Match2.7.6
ORxmlsoftlibxml2Match2.7.7
Node
appleiphone_osRange≤6.1.4
ORappleiphone_osMatch1.0.0
ORappleiphone_osMatch1.0.1
ORappleiphone_osMatch1.0.2
ORappleiphone_osMatch1.1.0
ORappleiphone_osMatch1.1.1
ORappleiphone_osMatch1.1.2
ORappleiphone_osMatch1.1.3
ORappleiphone_osMatch1.1.4
ORappleiphone_osMatch1.1.5
ORappleiphone_osMatch2.0
ORappleiphone_osMatch2.0.0
ORappleiphone_osMatch2.0.1
ORappleiphone_osMatch2.0.2
ORappleiphone_osMatch2.1
ORappleiphone_osMatch2.1.1
ORappleiphone_osMatch2.2
ORappleiphone_osMatch2.2.1
ORappleiphone_osMatch3.0
ORappleiphone_osMatch3.0.1
ORappleiphone_osMatch3.1
ORappleiphone_osMatch3.1.2
ORappleiphone_osMatch3.1.3
ORappleiphone_osMatch3.2
ORappleiphone_osMatch3.2.1
ORappleiphone_osMatch3.2.2
ORappleiphone_osMatch4.0
ORappleiphone_osMatch4.0.1
ORappleiphone_osMatch4.0.2
ORappleiphone_osMatch4.1
ORappleiphone_osMatch4.2.1
ORappleiphone_osMatch4.2.5
ORappleiphone_osMatch4.2.8
ORappleiphone_osMatch4.3.0
ORappleiphone_osMatch4.3.1
ORappleiphone_osMatch4.3.2
ORappleiphone_osMatch4.3.3
ORappleiphone_osMatch4.3.5
ORappleiphone_osMatch5.0
ORappleiphone_osMatch5.0.1
ORappleiphone_osMatch5.1
ORappleiphone_osMatch5.1.1
ORappleiphone_osMatch6.0
ORappleiphone_osMatch6.0.1
ORappleiphone_osMatch6.0.2
ORappleiphone_osMatch6.1
ORappleiphone_osMatch6.1.2
ORappleiphone_osMatch6.1.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xmlsoft | libxml2 | 2.4.27 | cpe:/a:xmlsoft:libxml2:2.4.27::: |
| xmlsoft | libxml2 | 1.7.3 | cpe:/a:xmlsoft:libxml2:1.7.3::: |
| xmlsoft | libxml2 | 2.2.2 | cpe:/a:xmlsoft:libxml2:2.2.2::: |
| xmlsoft | libxml2 | 2.4.4 | cpe:/a:xmlsoft:libxml2:2.4.4::: |
| xmlsoft | libxml2 | 2.4.19 | cpe:/a:xmlsoft:libxml2:2.4.19::: |
| xmlsoft | libxml2 | 2.2.4 | cpe:/a:xmlsoft:libxml2:2.2.4::: |
| xmlsoft | libxml2 | 2.4.14 | cpe:/a:xmlsoft:libxml2:2.4.14::: |
| xmlsoft | libxml2 | 2.6.17 | cpe:/a:xmlsoft:libxml2:2.6.17::: |
| xmlsoft | libxml2 | 2.6.29 | cpe:/a:xmlsoft:libxml2:2.6.29::: |
| xmlsoft | libxml2 | 1.7.4 | cpe:/a:xmlsoft:libxml2:1.7.4::: |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846
git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
rhn.redhat.com/errata/RHSA-2012-0324.html
rhn.redhat.com/errata/RHSA-2013-0217.html
secunia.com/advisories/54886
secunia.com/advisories/55568
securitytracker.com/id?1026723
support.apple.com/kb/HT5934
support.apple.com/kb/HT6001
www.debian.org/security/2012/dsa-2417
www.mandriva.com/security/advisories?name=MDVSA-2013:150
www.openwall.com/lists/oss-security/2012/02/22/1
www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
www.securityfocus.com/bid/52107
www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
xmlsoft.org/news.html
blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of
Related
redhat
redhat
(RHSA-2012:0324) Moderate: libxml2 security update
2012-02-21 00:00:00
(RHSA-2012:1324) Important: rhev-hypervisor5 security and bug fix update
2012-10-02 00:00:00
(RHSA-2013:0217) Important: mingw32-libxml2 security update
2013-01-31 00:00:00
cvelist
cvelist
CVE-2012-0841
2012-12-21 02:00:00
nessus
nessus
Scientific Linux Security Update : libxml2 on SL5.x, SL6.x i386/x86_64 (20120221)
2012-08-01 00:00:00
RHEL 5 / 6 : libxml2 (RHSA-2012:0324)
2012-02-22 00:00:00
openSUSE Security Update : libxml2 (openSUSE-SU-2012:0342-1)
2014-06-13 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2012-02-21 00:00:00
libxml2 security update
2012-09-18 00:00:00
mingw32-libxml2 security update
2013-01-31 00:00:00
openvas
openvas
RedHat Update for libxml2 RHSA-2012:0324-01
2012-02-27 00:00:00
Ubuntu: Security Advisory (USN-1376-1)
2012-03-07 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-52)
2015-09-08 00:00:00
prion
prion
Code injection
2012-12-21 05:46:00
ubuntucve
ubuntucve
CVE-2012-0841
2012-02-22 00:00:00
veracode
veracode
Denial Of Service (DoS) CPU Consumption
2019-05-02 04:52:19
debian
debian
[SECURITY] [DSA 2417-1] libxml2 security update
2012-02-22 23:05:51
nvd
nvd
CVE-2012-0841
2012-12-21 05:46:14
gentoo
gentoo
libxml2: Denial of service
2012-03-06 00:00:00
securityvulns
securityvulns
libxmls library DoS
2012-02-24 00:00:00
[ MDVSA-2012:023 ] libxml2
2012-02-24 00:00:00
Apple iTunes multiple security vulnerabilities
2014-01-29 00:00:00
ubuntu
ubuntu
libxml2 vulnerability
2012-02-27 00:00:00
centos
centos
libxml2 security update
2012-02-22 14:26:48
mingw32 security update
2013-02-01 00:53:30
debiancve
debiancve
CVE-2012-0841
2012-12-21 05:46:14
amazon
amazon
Medium: libxml2
2012-03-04 16:12:00
vmware
vmware
VMware ESXi update to third party library
2012-07-12 00:00:00
VMware ESXi update to third party library
2012-07-12 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
suse
suse
Security update for libxml2 (important)
2013-11-04 17:04:12
Security update for libxml2 (important)
2013-11-04 18:04:12
fedora
fedora
[SECURITY] Fedora 16 Update: libxml2-2.7.8-8.fc16
2012-09-27 04:35:19
[SECURITY] Fedora 17 Update: libxml2-2.7.8-9.fc17
2012-09-26 08:56:06
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
7.9
Confidence
High
EPSS
0.009
Percentile
82.9%
Related for CVE-2012-0841