Common Vulnerabilities and Exposures

Upstream information

CVE-2012-2328 at MITRE


internal/cimxml/sax/ in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.

CVSS v2 Scores

                        National Vulnerability Database
Base Score              4.96
Vector                  AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector           Network
Access Complexity       Low
Authentication          None
Confidentiality Impact  None
Integrity Impact        None
Availability Impact     Partial

SUSE information

SUSE Bugzilla entry: 768128 [ASSIGNED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Evergreen 11.4
  • sblim-cim-client2 >= 2.1.3-9.1
  • sblim-cim-client2-javadoc >= 2.1.3-9.1
  • sblim-cim-client2-manual >= 2.1.3-9.1