CVE-2012-0841

Severity: Unknown | EPSS: 3.17%

Last modified

CVE-2012-0841 is a vulnerability of currently unknown severity. libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. EPSS estimates a 3.17% chance of exploitation in the next 30 days.

Description

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

Metrics

EPSS Probability
3.17%

86.4th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Xmlsoft | Libxml2 | <= 2.7.8
Xmlsoft | Libxml2 | 1.7.0
Xmlsoft | Libxml2 | 1.7.1
Xmlsoft | Libxml2 | 1.7.2
Xmlsoft | Libxml2 | 1.7.3
Xmlsoft | Libxml2 | 1.7.4
Xmlsoft | Libxml2 | 1.8.0
Xmlsoft | Libxml2 | 1.8.1
Xmlsoft | Libxml2 | 1.8.2
Xmlsoft | Libxml2 | 1.8.3
Xmlsoft | Libxml2 | 1.8.4
Xmlsoft | Libxml2 | 1.8.5
Xmlsoft | Libxml2 | 1.8.6
Xmlsoft | Libxml2 | 1.8.7
Xmlsoft | Libxml2 | 1.8.9
Xmlsoft | Libxml2 | 1.8.10
Xmlsoft | Libxml2 | 1.8.13
Xmlsoft | Libxml2 | 1.8.14
Xmlsoft | Libxml2 | 1.8.16
Xmlsoft | Libxml2 | 2.0.0
Xmlsoft | Libxml2 | 2.1.0
Xmlsoft | Libxml2 | 2.1.1
Xmlsoft | Libxml2 | 2.2.0
Xmlsoft | Libxml2 | 2.2.1
Xmlsoft | Libxml2 | 2.2.2
Xmlsoft | Libxml2 | 2.2.3
Xmlsoft | Libxml2 | 2.2.4
Xmlsoft | Libxml2 | 2.2.5
Xmlsoft | Libxml2 | 2.2.6
Xmlsoft | Libxml2 | 2.2.7
Xmlsoft | Libxml2 | 2.2.8
Xmlsoft | Libxml2 | 2.2.9
Xmlsoft | Libxml2 | 2.2.10
Xmlsoft | Libxml2 | 2.2.11
Xmlsoft | Libxml2 | 2.3.0
Xmlsoft | Libxml2 | 2.3.1
Xmlsoft | Libxml2 | 2.3.2
Xmlsoft | Libxml2 | 2.3.3
Xmlsoft | Libxml2 | 2.3.4
Xmlsoft | Libxml2 | 2.3.5
Xmlsoft | Libxml2 | 2.3.6
Xmlsoft | Libxml2 | 2.3.7
Xmlsoft | Libxml2 | 2.3.8
Xmlsoft | Libxml2 | 2.3.9
Xmlsoft | Libxml2 | 2.3.10
Xmlsoft | Libxml2 | 2.3.11
Xmlsoft | Libxml2 | 2.3.12
Xmlsoft | Libxml2 | 2.3.13
Xmlsoft | Libxml2 | 2.3.14
Xmlsoft | Libxml2 | 2.4.1

Showing 50 of 171 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2012-0841?
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
How severe is CVE-2012-0841?
Severity scoring for CVE-2012-0841 is pending analysis. The EPSS model estimates a 3.17% probability of exploitation in the next 30 days.
How do I fix CVE-2012-0841?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST