Unrated severityNVD Advisory· Published Jul 3, 2012· Updated Apr 29, 2026

CVE-2012-0876

Description

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Affected products

Libexpat Project/Libexpat
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Range: <2.1.0
Python (programming language)/Python
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Range: >=2.6.0,<2.6.8
Red Hat/Storage
cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux5 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Oracle Corporation/Solaris
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.python.org/issue13703nvdIssue TrackingThird Party Advisory
rhn.redhat.com/errata/RHSA-2012-0731.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-0062.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-2957.htmlnvdThird Party Advisory
sourceforge.net/projects/expat/files/expat/2.1.0/nvdRelease NotesThird Party Advisory
sourceforge.net/tracker/nvdThird Party Advisory
www.debian.org/security/2012/dsa-2525nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlnvdThird Party Advisory
www.securityfocus.com/bid/52379nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-1527-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-1613-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-1613-2nvdThird Party Advisory
support.apple.com/HT205637nvdThird Party Advisory
www.tenable.com/security/tns-2016-20nvdThird Party Advisory
lists.apple.com/archives/security-announce/2013/Oct/msg00004.htmlnvdBroken LinkMailing List
lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlnvdBroken LinkMailing List
mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.htmlnvdBroken Link
secunia.com/advisories/49504nvdNot Applicable
secunia.com/advisories/51024nvdNot Applicable
secunia.com/advisories/51040nvdNot Applicable
www.mandriva.com/security/advisoriesnvdBroken Link
kc.mcafee.com/corporate/indexnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000