CVE-2012-0839

EUVD-2012-0864
OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
inriaocaml
𝑥
≤ 3.12.1
inriaocaml
1.07
inriaocaml
2.02
inriaocaml
2.04
inriaocaml
2.99:alpha
inriaocaml
3.00
inriaocaml
3.01
inriaocaml
3.02
inriaocaml
3.03:alpha
inriaocaml
3.04
inriaocaml
3.05:beta
inriaocaml
3.06
inriaocaml
3.07
inriaocaml
3.07:beta1
inriaocaml
3.07:beta2
inriaocaml
3.07:pl2
inriaocaml
3.08
inriaocaml
3.09
inriaocaml
3.10
inriaocaml
3.11
inriaocaml
3.12
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ocaml
bookworm
4.13.1-4
fixed
bullseye
4.11.1-4
fixed
sid
5.2.0-3
fixed
squeeze
no-dsa
trixie
5.2.0-3
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ocaml
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
not-affected
utopic
ignored
vivid
ignored
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://openwall.com/lists/oss-security/2012/02/07/1
http://openwall.com/lists/oss-security/2012/02/07/2
http://secunia.com/advisories/47853
http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html
http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://openwall.com/lists/oss-security/2012/02/07/1
http://openwall.com/lists/oss-security/2012/02/07/2
http://secunia.com/advisories/47853
http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html
http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html