CVE-2012-2739 (retired)

Priority
Description
Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8
before build 39, computes hash values without restricting the ability to
trigger hash collisions predictably, which allows context-dependent
attackers to cause a denial of service (CPU consumption) via crafted input
to an application that maintains a hash table.
Notes
 sbeattie> openjdk-6b18 in oneiric has been superceded by openjdk-6
 sbeattie> openjdk-6b18 in lucid & natty would be superceded by
  openjdk-6 except that openjdk-6 FTBFS on armel (LP: #1043003)
 jdstrand> this was actually fixed in usn-1619-1 as part of the new upstream
  releases, but it wasn't reported as such.
Package
Upstream:released (6b24-1.11.5)
Package
Upstream:needs-triage
Package
Upstream:released (7u9-2.3.3)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-03-26 12:02:15 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)