CVE-2012-0039

Priority
Low
Description
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is
used, computes hash values without restricting the ability to trigger hash
collisions predictably, which allows context-dependent attackers to cause a
denial of service (CPU consumption) via crafted input to an application
that maintains a hash table. NOTE: this issue may be disputed by the
vendor; the existence of the g_str_hash function is not a vulnerability in
the library, because callers of g_hash_table_new and g_hash_table_new_full
can specify an arbitrary hash function that is appropriate for the
application.
Notes
 mdeslaur> as of 2012-02-21, upstream has simply added a warning:
 mdeslaur> http://git.gnome.org/browse/glib/commit/?id=030b3f25e3e5c018247e18bf309e0454ba138898
 mdeslaur> http://git.gnome.org/browse/glib/commit/?id=12060df9f17a48cd4c7fda27a0af70c17c308ad9
Package
Upstream: needs-triage
Ubuntu 17.10 (Artful Aardvark): needed
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 17.04 (Zesty Zapus): needed

Updated: 2017-10-17 19:14:06 UTC (commit 13537)