CVE-2012-2739

Published: 11/28/2012 Last updated: 8/6/2024 Reserved: 5/14/2012

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (1)

conf-openjdk

Products affected (1)

Product	Vendor	Version
n/a	n/a	<= 6.1.*

References (16)

http://www.nruns.com/_downloads/advisory28122011.pdf
http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
https://bugzilla.redhat.com/show_bug.cgi?id=750533
http://www.openwall.com/lists/oss-security/2012/06/17/1
http://www.kb.cert.org/vuls/id/903934
http://www.openwall.com/lists/oss-security/2012/06/15/12
http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
https://bugzilla.redhat.com/show_bug.cgi?id=750533
http://www.openwall.com/lists/oss-security/2012/06/17/1
http://www.kb.cert.org/vuls/id/903934
http://www.openwall.com/lists/oss-security/2012/06/15/12
http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
http://www.ocert.org/advisories/ocert-2011-003.html