CVE

Id
53282  
CVE No.
CVE-2012-0039  
Status
Candidate  
Description
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.  
Phase
Assigned (20111207)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
563103 53282 CVE-2012-0039 MLIST:[gtk-devel-list] 20030529 Algorimic Complexity Attack on GLIB 2.2.1  View
563104 53282 CVE-2012-0039 URL:http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html  View
563105 53282 CVE-2012-0039 MLIST:[oss-security] 20120110 glib2 hash dos oCert-2011-003  View
563106 53282 CVE-2012-0039 URL:http://openwall.com/lists/oss-security/2012/01/10/12  View
563107 53282 CVE-2012-0039 MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
26740 JVNDB-2012-002447 Linux Kernel の drm_mode_dirtyfb_ioctl 関数における整数オーバーフローの脆弱性 Linux Kernel の Direct Rendering Manager (DRM) サブシステム内にある drivers/gpu/drm/drm_crtc.c の drm_mode_dirtyfb_ioctl 関数には、整数オーバーフロー脆弱性が存在します。 CVE-2012-0044 53282 7.2 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002447.html  View