CVE-2012-0839

Priority
Low
Description
OCaml 3.12.1 and earlier computes hash values without restricting the
ability to trigger hash collisions predictably, which allows
context-dependent attackers to cause a denial of service (CPU consumption)
via crafted input to an application that maintains a hash table.
Notes
 mdeslaur> New randomization turned off by default and must be specifically
 mdeslaur> turned on by application. See upstream bug report.
 mdeslaur> Downgrading severity to low, since upstream won't change default
 mdeslaur> behaviour.
Package
Source: ocaml (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (4.01.0-3ubuntu3)
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Ubuntu 16.10 (Yakkety Yak): not-affected
Patches:
Upstream: http://caml.inria.fr/cgi-bin/viewvc.cgi?view=revision&revision=12383 (4.00)
Upstream: http://caml.inria.fr/cgi-bin/viewvc.cgi?view=revision&revision=12384 (trunk)

Updated: 2016-10-19 10:17:01 UTC (commit 11638)