QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2328

Published: Feb 10, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://sblim.cvs.sourceforge.net/viewvc/sblim/jsr48-client/src/org/sblim/cimclient/internal/cimxml/sax/NodeFactory.java?view=log#rev1.7

x_refsource_MISC

http://sourceforge.net/p/sblim/bugs/2381/

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2012:1621

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2013:0144

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.