CVE-2012-2328

sblim: hash table collisions CPU usage DoS

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.

internal/cimxml/sax/NodeFactory.java en el cliente Common Information Model (CIM) de Standards-Based Linux Instrumentation for Manageability (SBLIM) (también conocido como sblim-cim-client2) anterior a 2.1.12 procesa valores hash sin restringir la posibilidad de provocar colisiones de hash previsibles, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (consumo de CPU) a través de un archivo XML manipulado.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-04-19 CVE Reserved
2012-06-20 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-310: Cryptographic Issues

CAPEC

References (7)

URL	Tag	Source
http://sblim.cvs.sourceforge.net/viewvc/sblim/jsr48-client/src/org/sblim/cimclient/internal/cimxml/sax/NodeFactory.java?view=log#rev1.7	X_refsource_misc
http://sourceforge.net/p/sblim/bugs/2381	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2012-12/msg00015.html	2018-10-30
http://lists.opensuse.org/opensuse-updates/2013-01/msg00038.html	2018-10-30
http://rhn.redhat.com/errata/RHSA-2012-0987.html	2018-10-30
https://access.redhat.com/security/cve/CVE-2012-2328	2012-06-19
https://bugzilla.redhat.com/show_bug.cgi?id=819733	2012-06-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Standards Based Linux Instrumentation Project Search vendor "Standards Based Linux Instrumentation Project"		Standards-based Linux Common Information Model Client Search vendor "Standards Based Linux Instrumentation Project" for product "Standards-based Linux Common Information Model Client"				<= 2.1.11 Search vendor "Standards Based Linux Instrumentation Project" for product "Standards-based Linux Common Information Model Client" and version " <= 2.1.11"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.4 Search vendor "Opensuse" for product "Opensuse" and version "11.4"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				12.1 Search vendor "Opensuse" for product "Opensuse" and version "12.1"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				12.2 Search vendor "Opensuse" for product "Opensuse" and version "12.2"		-		Affected