CVE-2012-2328 – sblim: hash table collisions CPU usage DoS
https://notcve.org/view.php?id=CVE-2012-2328
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file. internal/cimxml/sax/NodeFactory.java en el cliente Common Information Model (CIM) de Standards-Based Linux Instrumentation for Manageability (SBLIM) (también conocido como sblim-cim-client2) anterior a 2.1.12 procesa valores hash sin restringir la posibilidad de provocar colisiones de hash previsibles, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (consumo de CPU) a través de un archivo XML manipulado. • http://lists.opensuse.org/opensuse-updates/2012-12/msg00015.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00038.html http://rhn.redhat.com/errata/RHSA-2012-0987.html http://sblim.cvs.sourceforge.net/viewvc/sblim/jsr48-client/src/org/sblim/cimclient/internal/cimxml/sax/NodeFactory.java?view=log#rev1.7 http://sourceforge.net/p/sblim/bugs/2381 https://access.redhat.com/security/cve/CVE-2012-2328 https://bugzilla.redhat.com/show_bug.cgi?id=819733 • CWE-310: Cryptographic Issues •