| Summary: | dev-libs/xerces-c: hash table collisions CPU usage DoS (oCERT-2011-003) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | minor | CC: | cpp+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=787103 | ||
| Whiteboard: | B3 [upstream] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 396397 | ||
No traceable information for this vulnerability. No other distro has anything either regarding the matter either. |
From ${URL} : Juraj Somorovsky reported that certain XML parsers/servers are affected by the same, or similar, flaw as the hash table collisions CPU usage denial of service. Sending a specially crafted message to an XML service can result in longer processing time, which could lead to a denial of service. It is reported that this attack on XML can be applied on different XML nodes (such as entities, element attributes, namespaces, various elements in the XML security, etc.). xerces-c is written in C++ and makes significant use of arrays. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.