Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2012-6702

Published: Jun 16, 2016 | Modified: Nov 07, 2023
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2012-6702
CWEhttps://cwe.mitre.org/data/definitions/310.html

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

Affected Software

Name Vendor Start Version End Version
Libexpat Libexpat_project * 2.2.0 (excluding)
Audacity Ubuntu kinetic *
Audacity Ubuntu lunar *
Audacity Ubuntu mantic *
Ayttm Ubuntu precise *
Ayttm Ubuntu wily *
Ayttm Ubuntu yakkety *
Cableswig Ubuntu precise *
Cableswig Ubuntu wily *
Cadaver Ubuntu artful *
Cadaver Ubuntu precise *
Cadaver Ubuntu wily *
Cadaver Ubuntu yakkety *
Cadaver Ubuntu zesty *
Coin3 Ubuntu artful *
Coin3 Ubuntu precise *
Coin3 Ubuntu wily *
Coin3 Ubuntu yakkety *
Coin3 Ubuntu zesty *
Expat Ubuntu precise *
Expat Ubuntu trusty *
Expat Ubuntu upstream *
Expat Ubuntu vivid/stable-phone-overlay *
Expat Ubuntu vivid/ubuntu-core *
Expat Ubuntu wily *
Expat Ubuntu xenial *
Insighttoolkit Ubuntu esm-apps/xenial *
Insighttoolkit Ubuntu precise *
Insighttoolkit Ubuntu trusty *
Insighttoolkit Ubuntu wily *
Insighttoolkit Ubuntu xenial *
Kompozer Ubuntu precise *
Libparagui1.1 Ubuntu precise *
Libxmltok Ubuntu hirsute *
Libxmltok Ubuntu trusty *
Libxmltok Ubuntu xenial *
Matanza Ubuntu artful *
Matanza Ubuntu precise *
Matanza Ubuntu wily *
Matanza Ubuntu yakkety *
Matanza Ubuntu zesty *
Simgear Ubuntu precise *
Sitecopy Ubuntu artful *
Sitecopy Ubuntu precise *
Sitecopy Ubuntu wily *
Sitecopy Ubuntu yakkety *
Sitecopy Ubuntu zesty *
Swish-e Ubuntu artful *
Swish-e Ubuntu precise *
Swish-e Ubuntu wily *
Swish-e Ubuntu yakkety *
Swish-e Ubuntu zesty *
Tdom Ubuntu artful *
Tdom Ubuntu precise *
Tdom Ubuntu wily *
Tdom Ubuntu yakkety *
Tdom Ubuntu zesty *
Tla Ubuntu precise *
Tla Ubuntu wily *
Tla Ubuntu yakkety *
Tla Ubuntu zesty *
Vnc4 Ubuntu artful *
Vnc4 Ubuntu bionic *
Vnc4 Ubuntu cosmic *
Vnc4 Ubuntu disco *
Vnc4 Ubuntu eoan *
Vnc4 Ubuntu esm-apps/bionic *
Vnc4 Ubuntu esm-apps/xenial *
Vnc4 Ubuntu esm-infra-legacy/trusty *
Vnc4 Ubuntu precise *
Vnc4 Ubuntu trusty *
Vnc4 Ubuntu trusty/esm *
Vnc4 Ubuntu upstream *
Vnc4 Ubuntu wily *
Vnc4 Ubuntu xenial *
Vnc4 Ubuntu yakkety *
Vnc4 Ubuntu zesty *
Vtk Ubuntu precise *
Vtk Ubuntu wily *
Wbxml2 Ubuntu artful *
Wbxml2 Ubuntu precise *
Wbxml2 Ubuntu wily *
Wbxml2 Ubuntu yakkety *
Wbxml2 Ubuntu zesty *
Wxwidgets2.6 Ubuntu precise *
Wxwidgets2.8 Ubuntu precise *
Wxwidgets2.8 Ubuntu wily *
Xmlrpc-c Ubuntu artful *
Xmlrpc-c Ubuntu bionic *
Xmlrpc-c Ubuntu cosmic *
Xmlrpc-c Ubuntu devel *
Xmlrpc-c Ubuntu disco *
Xmlrpc-c Ubuntu eoan *
Xmlrpc-c Ubuntu esm-apps/bionic *
Xmlrpc-c Ubuntu esm-apps/focal *
Xmlrpc-c Ubuntu esm-apps/jammy *
Xmlrpc-c Ubuntu esm-apps/noble *
Xmlrpc-c Ubuntu esm-apps/xenial *
Xmlrpc-c Ubuntu esm-infra-legacy/trusty *
Xmlrpc-c Ubuntu focal *
Xmlrpc-c Ubuntu groovy *
Xmlrpc-c Ubuntu hirsute *
Xmlrpc-c Ubuntu impish *
Xmlrpc-c Ubuntu jammy *
Xmlrpc-c Ubuntu kinetic *
Xmlrpc-c Ubuntu lunar *
Xmlrpc-c Ubuntu mantic *
Xmlrpc-c Ubuntu noble *
Xmlrpc-c Ubuntu oracular *
Xmlrpc-c Ubuntu precise *
Xmlrpc-c Ubuntu trusty *
Xmlrpc-c Ubuntu trusty/esm *
Xmlrpc-c Ubuntu wily *
Xmlrpc-c Ubuntu xenial *
Xmlrpc-c Ubuntu yakkety *
Xmlrpc-c Ubuntu zesty *
Xotcl Ubuntu artful *
Xotcl Ubuntu precise *
Xotcl Ubuntu wily *
Xotcl Ubuntu yakkety *
Xotcl Ubuntu zesty *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use