CVE-2012-2739: Oracle JDK vulnerability

CWE-310 | 6 documents | 5 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.9% (top 23.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 28 | Latest update May 17

Description

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

NVD: oracle/openjdk 1.7.0 (+2)
NVD: oracle/jdk 1.7.0 (+1)
NVD: oracle/jre 1.7.0 (+1)

Vulnerability Details (2)

GHSA | 2022-05-17 | GHSA-g4rj-4w28-44fg: Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to tri
CVEList | 2012-11-28 | CVE-2012-2739: Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to tri

Vendor Advisories (2)

Red Hat | 2012-11-23 | java: Murmur hash function collisions (oCERT-2012-001)
Red Hat | 2011-12-28 | java: hash table collisions CPU usage DoS (oCERT-2011-003)

Community (1)

Bugzilla | 2011-11-01 | CVE-2012-2739 java: hash table collisions CPU usage DoS (oCERT-2011-003)
CVE-2012-2739 — Oracle JDK vulnerability | cvebase