CVE-2012-0839

Priority
Low
Description
OCaml 3.12.1 and earlier computes hash values without restricting the
ability to trigger hash collisions predictably, which allows
context-dependent attackers to cause a denial of service (CPU consumption)
via crafted input to an application that maintains a hash table.
References
Bugs
Notes
mdeslaur> New randomization turned off by default and must be specifically
mdeslaur> turned on by application. See upstream bug report.
mdeslaur> Downgrading severity to low, since upstream won't change default
mdeslaur> behaviour.
Package
Source: ocaml (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 10.04 LTS (Lucid Lynx): ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 12.10 (Quantal Quetzal): needed
Ubuntu 13.10 (Saucy Salamander): needed
Ubuntu 14.04 LTS (Trusty Tahr): needed
Patches:
Upstream: http://caml.inria.fr/cgi-bin/viewvc.cgi?view=revision&revision=12383 (4.00)
Upstream: http://caml.inria.fr/cgi-bin/viewvc.cgi?view=revision&revision=12384 (trunk)
More Information

Updated: 2014-04-18 13:15:45 UTC (commit 7949)