Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 22 Feb 2012 11:14:36 +0530
From: Huzaifa Sidhpurwala <>
Subject: libxml2: hash table collisions CPU usage DoS

Juraj Somorovsky reported that certain XML parsers/servers are affected 
by the same, or similar, flaw as the hash table collisions CPU usage 
denial of service.  Sending a specially crafted message to an XML 
service can result in longer processing time, which could lead to a 
denial of service.  It is reported that this attack on XML can be 
applied on different XML nodes (such as entities, element attributes, 
namespaces, various elements in the XML security, etc.).



This has been assigned CVE-2012-0841

Huzaifa Sidhpurwala / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ