5

CVE-2012-0839

OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
InriaOcaml Version <= 3.12.1
InriaOcaml Version1.07
InriaOcaml Version2.02
InriaOcaml Version2.04
InriaOcaml Version2.99 Updatealpha
InriaOcaml Version3.00
InriaOcaml Version3.01
InriaOcaml Version3.02
InriaOcaml Version3.03 Updatealpha
InriaOcaml Version3.04
InriaOcaml Version3.05 Updatebeta
InriaOcaml Version3.06
InriaOcaml Version3.07
InriaOcaml Version3.07 Updatebeta1
InriaOcaml Version3.07 Updatebeta2
InriaOcaml Version3.07 Updatepl2
InriaOcaml Version3.08
InriaOcaml Version3.09
InriaOcaml Version3.10
InriaOcaml Version3.11
InriaOcaml Version3.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.75% 0.843
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://openwall.com/lists/oss-security/2012/02/07/1
http://openwall.com/lists/oss-security/2012/02/07/2
http://secunia.com/advisories/47853
http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html
http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html