CVE-2012-0039
Published: 14 January 2012
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
Notes
Author | Note |
---|---|
mdeslaur | as of 2012-02-21, upstream has simply added a warning: http://git.gnome.org/browse/glib/commit/?id=030b3f25e3e5c018247e18bf309e0454ba138898 http://git.gnome.org/browse/glib/commit/?id=12060df9f17a48cd4c7fda27a0af70c17c308ad9 This CVE is disputed by upstream, we will not be fixing this issue in stable releases |
Priority
Status
Package | Release | Status |
---|---|---|
glib2.0 Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Ignored
|
|
cosmic |
Ignored
|
|
disco |
Ignored
|
|
hardy |
Ignored
(end of life)
|
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Ignored
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|