Description
OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
References (7)
Core 7
Core References
Various Sources x_refsource_misc
http://www.nruns.com/_downloads/advisory28122011.pdf
Mailing List mailing-list
x_refsource_mlist
http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47853
Mailing List mailing-list
x_refsource_mlist
http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/02/07/2
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/02/07/1
Various Sources x_refsource_misc
http://www.ocert.org/advisories/ocert-2011-003.html
Scores
EPSS
0.0275
EPSS Percentile
84.5%
Details
CWE
CWE-20
Status
published
Products (18)
inria/ocaml
1.07
inria/ocaml
2.02
inria/ocaml
2.04
inria/ocaml
2.99 alpha
inria/ocaml
3.00
inria/ocaml
3.01
inria/ocaml
3.02
inria/ocaml
3.03 alpha
inria/ocaml
3.04
inria/ocaml
3.05 beta
... and 8 more
Published
Feb 08, 2012
Tracked Since
Feb 18, 2026