oss-sec mailing list archives
ocaml-xml-light: hash table collisions CPU usage DoS CVE-2012-3514
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 20 Aug 2012 23:45:27 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xml-Light has been moved to google code SVN here : http://ocamllibs.googlecode.com/svn/trunk/xml-light/ I've applied a fix in r234 by using String Map instead of Hashtbl for DTD proof. Best, Nicolas Please use CVE-2012-3514 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJQMyB2AAoJEBYNRVNeJnmT2LsP/R61a+0G7wbAr3wJ6UUrZnZQ uxjWASbL1gPUQ0S/Oglo3VPBddgT63DiEHEZ43pjZAwe7kmfvPFCFNbWlGn7sfVT M06U44AXArfmyBmutCJJl9iqPTIWN7lgC9QvrjMEcXc+rLod3gNodMiKVRSXhSkm Kva9SOwI/iyVAhjSYlMGf/FVwhyOJb4eB3IqXGGaTheoVEoJyxrMoqOhI2+o8jnC 6r4paBkNs5N7MnjmoSnGWtra1Ndm6ZFG/d015LUcE4poU8D2nPkfQx8LaVMR7xPk ZEaJNClAseZ0bcKRugxZ5ROlbkA1wW/2sGADV8MsdaQiC01dp1TgtqmlA4WFX1rr wBUY5Y5ZzoEpmWHPAG7SsY1gN+rNiOQtAjXwxxX8N3YpclRE5N7a88YfoqfEPjAa SkkePgXTHznIl+CQG5w4W+mtXd2Ui/HLnkdyLRUpq7/O/DVCgT3YJE/KUeyYGLuK lHJ4NoJX2WV4BurhmfV0mMhyRJii0L/c7KzSwD+vR2A2D7fBOZMfGnDzL8lCTI9K mTn0doedKWGVt+YjE+agOsKkOALGpHVlUmJQQnRDofEJ/gq4Mvi1/d9C0OWxYokY qF7tp982t+fNVxJMGsums8sVhWrdnaSZAhjwiHuLMTPUP+O+UOIYCcW29wGwJrU1 hwhBkaWtQuw/j9nY7OM8 =CEnw -----END PGP SIGNATURE-----
Current thread:
- ocaml-xml-light: hash table collisions CPU usage DoS CVE-2012-3514 Kurt Seifried (Aug 20)