CVE-2012-2739
PUBLISHED
CVSS 5 MEDIUM
Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
EPSS 0.94% · 76.5th percentile
Risk Scores
- CVSS v2.0: 5
- EPSS Score: 0.94% (76.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | jdk | 1.7.0, 0, 1.7.0 |
| n/a | n/a | * |
| oracle | jre | 1.7.0, 1.7.0, 1.7.0 |
| oracle | openjdk | 1.6.0, 1.8.0, 0 |
Timeline
- Nov 28, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
References
- http://www.openwall.com/lists/oss-security/2012/06/17/1 technical
- http://www.nruns.com/_downloads/advisory28122011.pdf url
- http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html url
- https://bugzilla.redhat.com/show_bug.cgi?id=750533 url
- VU#903934 third-party-advisory
- [oss-security] 20120615 CVE request: java hashdos vulnerability mailing-list
- [core-libs-dev] 20120522 Review Request CR#7118743 : Alternative Hashing for String with Hash-based Maps mailing-list
- http://www.ocert.org/advisories/ocert-2011-003.html url
- https://nvd.nist.gov/vuln/detail/CVE-2012-2739 advisory