Search for vulnerabilities
Vulnerability details: VCID-gx4q-9nac-aaab
Vulnerability ID VCID-gx4q-9nac-aaab
Aliases CVE-2012-0876
Summary The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-400 Uncontrolled Resource Consumption
CWE-407 Inefficient Algorithmic Complexity
System Score Found at
generic_textual Medium http://blog.gmane.org/gmane.text.xml.expat.bugs/month=20120301
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0876.html
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0731
rhas Moderate https://access.redhat.com/errata/RHSA-2016:0062
rhas Important https://access.redhat.com/errata/RHSA-2016:2957
epss 0.00391 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00391 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00391 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00399 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00630 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00630 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00630 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00630 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.00633 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
epss 0.01059 https://api.first.org/data/v1/epss?cve=CVE-2012-0876
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=786617
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2012-0876
generic_textual Medium https://rhn.redhat.com/errata/RHSA-2012-0731.html
generic_textual Low https://ubuntu.com/security/notices/USN-1527-1
generic_textual Low https://ubuntu.com/security/notices/USN-1527-2
generic_textual Low https://ubuntu.com/security/notices/USN-1613-1
generic_textual Low https://ubuntu.com/security/notices/USN-1613-2
generic_textual Low https://usn.ubuntu.com/usn/usn-1527-1
generic_textual Low https://usn.ubuntu.com/usn/usn-1527-2
generic_textual Low https://usn.ubuntu.com/usn/usn-1613-1
generic_textual Low https://usn.ubuntu.com/usn/usn-1613-2
generic_textual Low http://www.openwall.com/lists/oss-security/2012/03/09/1
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Reference id Reference type URL
http://blog.gmane.org/gmane.text.xml.expat.bugs/month=20120301
http://bugs.python.org/issue13703#msg151870
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0876.html
http://rhn.redhat.com/errata/RHSA-2012-0731.html
http://rhn.redhat.com/errata/RHSA-2016-0062.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0876.json
https://api.first.org/data/v1/epss?cve=CVE-2012-0876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148
http://secunia.com/advisories/49504
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
http://sourceforge.net/projects/expat/files/expat/2.1.0/
http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127
https://rhn.redhat.com/errata/RHSA-2012-0731.html
https://support.apple.com/HT205637
https://ubuntu.com/security/notices/USN-1527-1
https://ubuntu.com/security/notices/USN-1527-2
https://ubuntu.com/security/notices/USN-1613-1
https://ubuntu.com/security/notices/USN-1613-2
https://usn.ubuntu.com/usn/usn-1527-1
https://usn.ubuntu.com/usn/usn-1527-2
https://usn.ubuntu.com/usn/usn-1613-1
https://usn.ubuntu.com/usn/usn-1613-2
https://www.tenable.com/security/tns-2016-20
http://www.debian.org/security/2012/dsa-2525
http://www.mandriva.com/security/advisories?name=MDVSA-2012:041
http://www.openwall.com/lists/oss-security/2012/03/09/1
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/52379
http://www.ubuntu.com/usn/USN-1527-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
663579 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663579
786617 https://bugzilla.redhat.com/show_bug.cgi?id=786617
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
CVE-2012-0876 https://nvd.nist.gov/vuln/detail/CVE-2012-0876
GLSA-201209-06 https://security.gentoo.org/glsa/201209-06
RHSA-2012:0731 https://access.redhat.com/errata/RHSA-2012:0731
RHSA-2016:0062 https://access.redhat.com/errata/RHSA-2016:0062
RHSA-2016:2957 https://access.redhat.com/errata/RHSA-2016:2957
USN-1527-1 https://usn.ubuntu.com/1527-1/
USN-1527-2 https://usn.ubuntu.com/1527-2/
USN-1613-1 https://usn.ubuntu.com/1613-1/
USN-1613-2 https://usn.ubuntu.com/1613-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2012-0876
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.58977
EPSS Score 0.00391
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.