oss-sec mailing list archives
Summer bug cleaning - some Hash DoS stuff
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 08 Jul 2014 13:45:00 -0600
So in the spirit of cleaning out the fridge of mystery condiments I'm going through a bunch of old/lower severity bugs that have been lurking in our BZ. To start with some Hash DoS related stuff from 2012:

https://bugzilla.redhat.com/show_bug.cgi?id=787103
CVE-2012-0880 xml: xerces-c hash table collisions CPU usage DoS (oCERT-2011-003)

https://bugzilla.redhat.com/show_bug.cgi?id=787104
CVE-2012-0881 xml: xerces-j2 hash table collisions CPU usage DoS (oCERT-2011-003)

https://bugzilla.redhat.com/show_bug.cgi?id=787109
CVE-2012-0877 PyXML: hash table collisions CPU usage DoS (oCERT-2011-003)

Basically different code bases/etc, but all using poor hash implementations.

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993