[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat
Gregory P. Smith
report at bugs.python.org
Wed Mar 14 06:27:46 CET 2012
Gregory P. Smith <greg at krypto.org> added the comment:
The existing pyexpat API doesn't give me a way to test if hash randomization is actually working so I'm going ahead without a specific test case for this.
Attributes are either reported to xmlparser.SameElementHandler in a dictionary (unordered) or are reported in a list in the order they appeared on the element depending on the xmlparser.ordered_attributes bool.
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list