JBoss Web Server / JWS-221

CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]


Details

    • Release Notes
      Similar to the denial of service flaw present in various programming languages' `hash` function usage, a flaw was found in `expat`.

      A specially-crafted set of keys could trigger hash function collisions. This would degrade dictionary performance by changing the complexity of hash table operations from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using a meet-in-the-middle attack.

      This issue has been fixed in this release.
    • Documented as Known Issue

    Description

      Similar to the denial of service flaw present in various programming languages' hash function usage, a flaw was found in expat:

      A specially-crafted set of keys could trigger hash function collisions, which
      degrade dictionary performance by changing hash table operations complexity
      from an expected/average O(1) to the worst case O(n). Reporters were able to
      find colliding strings efficiently using a meet-in-the-middle attack.

      This problem is similar to the issue that was previously reported for, and
      fixed in, e.g. Perl:
      http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
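
The degradation described above can be measured directly. The following C program is an added example, not code from this issue or from expat: it inserts constructed keys into a toy chained hash table and counts the key comparisons needed. The hash `toy_hash`, the 64-bucket table and both key sets are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#define NBUCKETS 64   /* toy table size (assumption) */
#define MAXKEYS  64
struct node { char key[16]; struct node *next; };

/* Toy unkeyed polynomial hash chosen for this demo; it is not expat's hash. */
static unsigned long toy_hash(const char *s) {
    unsigned long h = 0;
    while (*s) h = h * 31 + (unsigned char)*s++;
    return h;
}
/* Insert n keys into a chained table; return how many non-matching chain
   entries had to be compared during the duplicate checks. */
unsigned long insert_cost(char keys[][16], int n) {
    struct node *table[NBUCKETS] = {0};
    static struct node pool[MAXKEYS];
    unsigned long compares = 0;
    for (int i = 0; i < n && i < MAXKEYS; i++) {
        struct node **slot = &table[toy_hash(keys[i]) % NBUCKETS], *p;
        for (p = *slot; p && strcmp(p->key, keys[i]); p = p->next) compares++;
        if (p) continue;                      /* key already present */
        strcpy(pool[i].key, keys[i]);
        pool[i].next = *slot; *slot = &pool[i];
    }
    return compares;
}
/* Constructed colliding set: "Aa" and "BB" both hash to 2112 under toy_hash,
   so every same-length mix of the two blocks falls into one bucket. */
int colliding_keys(char keys[][16], int blocks) {   /* blocks <= 6 */
    for (int i = 0; i < (1 << blocks); i++) {
        for (int b = 0; b < blocks; b++)
            memcpy(&keys[i][2 * b], ((i >> b) & 1) ? "BB" : "Aa", 2);
        keys[i][2 * blocks] = '\0';
    }
    return 1 << blocks;
}
/* Constructed ordinary set "n0", "n1", ...: consecutive hashes, distinct buckets. */
void ordinary_keys(char keys[][16], int n) {
    for (int i = 0; i < n; i++) { keys[i][0] = 'n'; keys[i][1] = (char)('0' + i); keys[i][2] = '\0'; }
}
int main(void) {
    char keys[MAXKEYS][16];
    for (int blocks = 3; blocks <= 5; blocks++) {
        int n = colliding_keys(keys, blocks);
        unsigned long crafted = insert_cost(keys, n);
        ordinary_keys(keys, n);
        printf("n=%2d crafted=%lu ordinary=%lu compares\n", n, crafted, insert_cost(keys, n));
    }
    return 0;
}
```

With 8, 16 and 32 colliding keys the insert cost is 28, 120 and 496 comparisons, i.e. n(n-1)/2, while the same number of ordinary keys costs 0: each operation on the collided bucket is O(n) instead of O(1).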


          People

            gzaronik@redhat.com George Zaronikas
            rhn-support-twalsh Tim Walsh
            Bogdan Sikora Bogdan Sikora (Inactive)
            Lucas Costi Lucas Costi (Inactive)