CVE-2012-0839

OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://openwall.com/lists/oss-security/2012/02/07/1
http://openwall.com/lists/oss-security/2012/02/07/2
http://secunia.com/advisories/47853
http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html
http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://openwall.com/lists/oss-security/2012/02/07/1
http://openwall.com/lists/oss-security/2012/02/07/2
http://secunia.com/advisories/47853
http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html
http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:inria:ocaml::::::::
	cpe:2.3:a:inria:ocaml:1.07:::::::*
	cpe:2.3:a:inria:ocaml:2.02:::::::*
	cpe:2.3:a:inria:ocaml:2.04:::::::*
	cpe:2.3:a:inria:ocaml:2.99:alpha::::::
	cpe:2.3:a:inria:ocaml:3.00:::::::*
	cpe:2.3:a:inria:ocaml:3.01:::::::*
	cpe:2.3:a:inria:ocaml:3.02:::::::*
	cpe:2.3:a:inria:ocaml:3.03:alpha::::::
	cpe:2.3:a:inria:ocaml:3.04:::::::*
	cpe:2.3:a:inria:ocaml:3.05:beta::::::
	cpe:2.3:a:inria:ocaml:3.06:::::::*
	cpe:2.3:a:inria:ocaml:3.07:::::::*
	cpe:2.3:a:inria:ocaml:3.07:beta1::::::
	cpe:2.3:a:inria:ocaml:3.07:beta2::::::
	cpe:2.3:a:inria:ocaml:3.07:pl2::::::
	cpe:2.3:a:inria:ocaml:3.08:::::::*
	cpe:2.3:a:inria:ocaml:3.09:::::::*
	cpe:2.3:a:inria:ocaml:3.10:::::::*
	cpe:2.3:a:inria:ocaml:3.11:::::::*
	cpe:2.3:a:inria:ocaml:3.12:::::::*

History

21 Nov 2024, 01:35

Type	Values Removed	Values Added
References	~~() http://openwall.com/lists/oss-security/2012/02/07/1 -~~	() http://openwall.com/lists/oss-security/2012/02/07/1 -
References	~~() http://openwall.com/lists/oss-security/2012/02/07/2 -~~	() http://openwall.com/lists/oss-security/2012/02/07/2 -
References	~~() http://secunia.com/advisories/47853 -~~	() http://secunia.com/advisories/47853 -
References	~~() http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html -~~	() http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html -
References	~~() http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html -~~	() http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html -
References	~~() http://www.nruns.com/_downloads/advisory28122011.pdf -~~	() http://www.nruns.com/_downloads/advisory28122011.pdf -
References	~~() http://www.ocert.org/advisories/ocert-2011-003.html -~~	() http://www.ocert.org/advisories/ocert-2011-003.html -

Information

Published : 2012-02-08 20:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-0839

Mitre link : CVE-2012-0839

CVE.ORG link : CVE-2012-0839

JSON object : View

Products Affected

inria

ocaml

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2012-0839", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-02-08T20:55:00.797", "references": [{"url": "http://openwall.com/lists/oss-security/2012/02/07/1", "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2012/02/07/2", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/47853", "source": "secalert@redhat.com"}, {"url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html", "source": "secalert@redhat.com"}, {"url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html", "source": "secalert@redhat.com"}, {"url": "http://www.nruns.com/_downloads/advisory28122011.pdf", "source": "secalert@redhat.com"}, {"url": "http://www.ocert.org/advisories/ocert-2011-003.html", "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2012/02/07/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://openwall.com/lists/oss-security/2012/02/07/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/47853", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.nruns.com/_downloads/advisory28122011.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ocert.org/advisories/ocert-2011-003.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table."}, {"lang": "es", "value": "oCaml v3.12.1 y anteriores calcula los valores de hash sin restringir la capacidad para activar las colisiones hash predecibles, lo que permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de entrada modificada a una aplicaci\u00f3n que mantiene una tabla hash."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:inria:ocaml:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7FCCC63-2144-41C8-A384-B6AB6EAA4929", "versionEndIncluding": "3.12.1"}, {"criteria": "cpe:2.3:a:inria:ocaml:1.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8160D4BF-3382-4E3D-97E6-11C6B0C3621B"}, {"criteria": "cpe:2.3:a:inria:ocaml:2.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5EE9202-74C8-471E-9971-F61133468A11"}, {"criteria": "cpe:2.3:a:inria:ocaml:2.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "450149B1-9AD3-4805-A1F1-30DF8F689E3D"}, {"criteria": "cpe:2.3:a:inria:ocaml:2.99:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A28707EA-0DB5-4205-B725-3AA21EEF8F19"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7629BE3-2FEF-456F-B8FD-6F984204E007"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D3BDB5A-F5B5-44E3-8BE5-42BDECFEBEF0"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB498E45-8F15-463C-BDEA-E3C60F8FC9F9"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.03:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CB7041D-F3FB-4E66-A5AC-DA04ED4687F5"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8708B04-4E69-45A8-88A2-34F31DFC3D24"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.05:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FC1A656-4F08-4630-A580-5BEAEF6987D7"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6284D4FB-9339-4034-8110-A014C5778534"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D71DF2-7C71-4B84-8F0A-DA9C021B700A"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.07:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6526238-EF6B-485F-88E4-5FB9B37F917F"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.07:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C091ABFB-F333-4098-B47B-675BC8387B79"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.07:pl2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "580DB00F-0D6D-4105-BA4D-63738588F8E8"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74BFD663-606E-4738-8D69-F3FD5A6EE458"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE0FBBB4-4226-49BA-884B-06314F7340F3"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52CB95FB-BEEB-4939-8DD4-433BEE5B2E52"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E70C216-47F6-4D62-A1D1-EE81C6A64B18"}, {"criteria": "cpe:2.3:a:inria:ocaml:3.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CF51308-F5C5-4FBA-A6C3-2A7F975BA7E4"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

5.0 /10