CVE-2012-6702

5.9 MEDIUM

Published: June 16, 2016 Modified: May 06, 2026

Description

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.debian.org/security/2016/dsa-3597

Source: security@opentext.com

http://www.openwall.com/lists/oss-security/2016/06/03/8

Source: security@opentext.com

http://www.openwall.com/lists/oss-security/2016/06/04/1

Source: security@opentext.com

http://www.securityfocus.com/bid/91483

Source: security@opentext.com

http://www.ubuntu.com/usn/USN-3010-1

Source: security@opentext.com

https://security.gentoo.org/glsa/201701-21

Source: security@opentext.com

https://source.android.com/security/bulletin/2016-11-01.html

Source: security@opentext.com

https://www.tenable.com/security/tns-2016-20

Source: security@opentext.com

http://www.debian.org/security/2016/dsa-3597