XML Parser Hash Collision Denial of Service Vulnerability

XML Parser Hash Collision Denial of Service Vulnerability

CVE-2012-0876 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Learn more about our Web Application Penetration Testing UK.