CVE-2012-0039
HIGH
GLib < 2.31.8 - Denial of Service via Predictable Hash Collisions in g_str_hash
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
References (4)
Issue Tracking
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=772720
Mailing List
http://openwall.com/lists/oss-security/2012/01/10/12
Various Sources (mailing list)
http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html
Scores
CVSS v3
7.5
EPSS
0.0049
EPSS Percentile
65.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-310
Status
published
Products (50)
gnome/glib 1.1.12
gnome/glib 1.1.12-1
gnome/glib 1.1.15
gnome/glib 1.2.0
gnome/glib 1.2.1
gnome/glib 1.2.2
gnome/glib 1.2.3
gnome/glib 1.2.4
gnome/glib 1.2.5
gnome/glib 1.2.6
... and 40 more
Published
Jan 14, 2012
Tracked Since
Feb 18, 2026