CVE-2012-0039

Priority
Description
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is
used, computes hash values without restricting the ability to trigger hash
collisions predictably, which allows context-dependent attackers to cause a
denial of service (CPU consumption) via crafted input to an application
that maintains a hash table. NOTE: this issue may be disputed by the
vendor; the existence of the g_str_hash function is not a vulnerability in
the library, because callers of g_hash_table_new and g_hash_table_new_full
can specify an arbitrary hash function that is appropriate for the
application.
Notes
 mdeslaur> as of 2012-02-21, upstream has simply added a warning:
 mdeslaur> http://git.gnome.org/browse/glib/commit/?id=030b3f25e3e5c018247e18bf309e0454ba138898
 mdeslaur> http://git.gnome.org/browse/glib/commit/?id=12060df9f17a48cd4c7fda27a0af70c17c308ad9
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): needed
Trusty/esm: needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 18.10 (Cosmic Cuttlefish): needed
Ubuntu 19.04 (Disco Dingo): needed
Ubuntu 19.10 (Eoan): needed

Updated: 2019-04-26 14:14:34 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)