[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat
Jim Jewett
report at bugs.python.org
Thu Mar 15 21:50:28 CET 2012
Jim Jewett <jimjjewett at gmail.com> added the comment:
Looking at http://sourceforge.net/projects/expat/files/expat/2.1.0/, so long as XML_ATTR_INFO isn't defined at compile time, the changes are all considered bugfixes, and the XML_SetHashSalt is the only other changed API.
Is a potential Denial of Service really worse than a crash, such as these fixed bugs:
http://sourceforge.net/tracker/?func=detail&aid=2894085&group_id=10127&atid=110127
http://sourceforge.net/tracker/?func=detail&aid=1990430&group_id=10127&atid=110127
----------
nosy: +Jim.Jewett
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14234>
_______________________________________