#VU33052 Cryptographic issues in expat - CVE-2012-6702

Cybersecurity Help s.r.o.

Published: 2016-06-16 | Updated: 2020-08-03

Vulnerability identifier: #VU33052

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-6702

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
expat
Universal components / Libraries / Libraries used by multiple products

Vendor: libexpat.org

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

Mitigation
Install update from vendor's website.

Vulnerable software versions

expat: 2.0.0 - 2.1.1

External links
https://www.debian.org/security/2016/dsa-3597
https://www.openwall.com/lists/oss-security/2016/06/03/8
https://www.openwall.com/lists/oss-security/2016/06/04/1
https://www.securityfocus.com/bid/91483
https://www.ubuntu.com/usn/USN-3010-1
https://security.gentoo.org/glsa/201701-21
https://source.android.com/security/bulletin/2016-11-01.html
https://www.tenable.com/security/tns-2016-20

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Dell NetWorker Management Console update for third-party components

Multiple vulnerabilities in Dell ThinOS

Cryptographic issues in expat (Alpine package)

Gentoo update for Expat

Cryptographic issues in libexpat expat

Fedora 22 update for expat

Fedora 23 update for expat

Fedora 24 update for expat