CVE-2012-0839

Description

OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

How to fix CVE-2012-0839

To remediate CVE-2012-0839, upgrade the affected package to a fixed version below.

• Debian/ocaml—upgrade to 4.00.0~beta2-1 or later

Is CVE-2012-0839 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.00.0~beta2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-0839