CVE-2012-6702
| Published Date | 2025-12-11 |
|---|---|
| Product | centos |
| Severity | Medium (5.9) |
| Component | expat |
| Affected Versions | CentOS 7 |
| Patched Versions | expat-2.1.0-15_ol006.el7 |
CVE Details
OL CVE Issue Summary:
- Invoking XML_Parse before rand() results in non-random, predictable output
- Little entropy used for hash initialization
- Integer overflow in doProlog()
- XML_ParseBuffer() in xmlparse.c does not reject a negative length.