MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2012-0839

CVSS 5.0v2.0pub. 2012-02-08upd. 2026-04-29

OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

CVSS Vector
AV:N/AC:L/Au:N/C:N/I:N/A:P
  • Inria Ocaml

    APP
    Inria
    1.072.022.042.993.003.013.023.033.043.053.063.073.083.093.10+ 3 więcej
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2011-4119CRITICAL9.8ten sam vendor

caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.