CVE-2012-0880 xml: xerces-c hash table collisions CPU usage DoS (oCERT-2011-003)

Vendor: Red Hat, Inc

Versions Affected: all

Description: Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.

Xerces project note: Exploitation of this issue is not trivial. We are not aware of any well-known method to attack the hash function we use, but mathematically speaking we should assume it to be possible.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=787103
https://seclists.org/oss-sec/2014/q3/96
https://ocert.org/advisories/ocert-2011-003.html