Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | < V4.4 |
| n/a | n/a | < 475e06113c615dafd44262d6d6bd37786f7f4206 |