Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 501194 (CVE-2012-2328) - <dev-java/sblim-cim-client-2.1.12: Hash collision DoS (CVE-2012-2328)
Summary: <dev-java/sblim-cim-client-2.1.12: Hash collision DoS (CVE-2012-2328)
Alias: CVE-2012-2328
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~3 [cleanup]
Depends on:
Blocks: hashDoS
  Show dependency tree
Reported: 2014-02-13 14:57 UTC by GLSAMaker/CVETool Bot
Modified: 2014-05-23 17:37 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2014-02-13 14:57:21 UTC
CVE-2012-2328 (
  internal/cimxml/sax/ in Standards-Based Linux
  Instrumentation for Manageability (SBLIM) Common Information Model (CIM)
  Client (aka sblim-cim-client2) before 2.1.12 computes hash values without
  restricting the ability to trigger hash collisions predictably, which allows
  context-dependent attackers to cause a denial of service (CPU consumption)
  via a crafted XML file.

Needs cleanup.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2014-05-20 22:13:44 UTC
Maintainer(s), please drop the vulnerable version.
Comment 2 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2014-05-23 15:16:07 UTC
+  23 May 2014; Tom Wijsman <> -sblim-cim-client-1.3.5.ebuild,
+  -sblim-cim-client-2.0.5.ebuild:
+  Remove old, for security bug #501194 (CVE-2012-2328).

Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-05-23 17:37:33 UTC
Maintainer(s), Thank you for cleanup!

No GLSA needed as there are no stable versions.