← Back

CVE-2012-6702

nvd nist
Published: Jun 16, 2016Modified: May 6, 2026

JSON object

Loading...
5.9
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

Affected (11)

Show all products
Libexpat Project: Libexpat · Canonical: Ubuntu Linux · Debian: Debian Linux · Google: Android
Libexpat Project
1 product
Libexpat
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Google
1 product
Android
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Libexpat
Before 2.2.0
Configuration B
10 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 15.10
Ubuntu Linux
Version 16.04
Debian Linux
Version 8.0
Google
Android
Version 4.4.4
Android
Version 5.0.2
Android
Version 5.1.1
Android
Version 6.0.1
Android
Version 6.0

Related CWEs

CWE-310
CWE-310

References (16)

Source: security@opentext.com
Source: security@opentext.com
Source: security@opentext.com
Source: security@opentext.com
Source: security@opentext.com
Source: security@opentext.com
Source: security@opentext.com
Source: security@opentext.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.