Upstream information

CVE-2012-2328 at MITRE


internal/cimxml/sax/ in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 4.96
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Partial

This issue is currently rated as having low severity.

SUSE Bugzilla entry: 768128 [ASSIGNED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Evergreen 11.4
  • sblim-cim-client2 >= 2.1.3-9.1
  • sblim-cim-client2-javadoc >= 2.1.3-9.1
  • sblim-cim-client2-manual >= 2.1.3-9.1

The following information is the current evaluation information for this security issue. It might be neither accurate nor complete. Use at your own risk.
Package/Codestreams planned to be updated:
sblim-cim-client2: SLES-11-SP3, SLES-for-VMware-11-SP3, SLED-11-SP3, SLED-11-SP4, SLES-11-SP4, SLES-12, SLED-12, SLES_LTSS-11-SP1, sap-aio-11-SP1, SLES-11-SP1, SLED-11-SP1, SLED-11-SP2, SLES-11-SP2, SLES-for-VMware-11-SP2, SLES_LTSS-11-SP2, SLES_SAP-11-SP2, SLES_SAP-11-SP3, sap-es-11-SP1, SLES_LTSS-11-SP3, SLES_SAP-11-SP4