CVE-2012-0039: Glib vulnerability

CWE-310 | 8 documents | 7 sources
Severity
7.5 HIGH (NVD)
EPSS
0.5% (top 34.46%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 14
Latest update: May 4

Description

GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full c

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

NVD: gnome/glib 2.31.8 +256

🔴 Vulnerability Details (3)

GHSA
GHSA-7w5v-h2pc-qqwc: ** DISPUTED ** GLib 2 (2022-05-04)
CVEList
CVE-2012-0039: GLib 2 (2012-01-14)
OSV
CVE-2012-0039: GLib 2 (2012-01-14)

📋 Vendor Advisories (2)

Debian
CVE-2012-0039: glib2.0 - GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash val... (2012)
Red Hat
glib2: hash table collisions CPU usage DoS (2003-05-29)

💬 Community (2)

Bugzilla
CVE-2012-3387 CVE-2012-3388 CVE-2012-3389 CVE-2012-3390 CVE-2012-3391 CVE-2012-3392 CVE-2012-3393 CVE-2012-3394 CVE-2012-3395 CVE-2012-3396 CVE-2012-3397 CVE-2012-3398 moodle: upstream 2.3.1, 2.2.4, 2 (2012-07-20)
Bugzilla
CVE-2012-0039 glib2: hash table collisions CPU usage DoS (2012-01-09)
CVE-2012-0039 — Gnome Glib vulnerability | cvebase