CVE-2012-0839

Priority
Low
Description
OCaml 3.12.1 and earlier computes hash values without restricting the
ability to trigger hash collisions predictably, which allows
context-dependent attackers to cause a denial of service (CPU consumption)
via crafted input to an application that maintains a hash table.
References
Bugs
Notes
 mdeslaur> New randomization turned off by default and must be specifically
 mdeslaur> turned on by application. See upstream bug report.
 mdeslaur> Downgrading severity to low, since upstream won't change default
 mdeslaur> behaviour.
Package
Source: ocaml (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 17.10 (Artful Aardvark): not-affected
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (4.01.0-3ubuntu3)
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Ubuntu 16.10 (Yakkety Yak): not-affected
Ubuntu 17.04 (Zesty Zapus): not-affected
Patches:
Upstream: http://caml.inria.fr/cgi-bin/viewvc.cgi?view=revision&revision=12383 (4.00)
Upstream: http://caml.inria.fr/cgi-bin/viewvc.cgi?view=revision&revision=12384 (trunk)
More Information

Updated: 2017-05-10 22:32:15 UTC (commit 12521)