CVE-2012-2739

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
oraclejdk
𝑥
≤ 1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejre
𝑥
≤ 1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oracleopenjdk
𝑥
≤ 1.7.0
oracleopenjdk
1.6.0
oracleopenjdk
1.8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
quantal
Fixed 6b24-1.11.5-0ubuntu1~12.10.1
released
precise
Fixed 6b24-1.11.5-0ubuntu1~12.04.1
released
oneiric
Fixed 6b24-1.11.5-0ubuntu1~11.10.1
released
natty
ignored
lucid
Fixed 6b24-1.11.5-0ubuntu1~10.04.2
released
hardy
Fixed 6b27-1.12.3-0ubuntu1~08.04.1
released
openjdk-6b18
quantal
dne
precise
dne
oneiric
ignored
natty
ignored
lucid
ignored
hardy
dne
openjdk-7
quantal
Fixed 7u9-2.3.3-0ubuntu1~12.10.1
released
precise
Fixed 7u9-2.3.3-0ubuntu1~12.04.1
released
oneiric
Fixed 7u9-2.3.3-0ubuntu1~11.10.1
released
natty
dne
lucid
dne
hardy
dne
sun-java5
quantal
dne
precise
dne
oneiric
dne
natty
dne
lucid
dne
hardy
ignored
sun-java6
quantal
dne
precise
dne
oneiric
dne
natty
dne
lucid
dne
hardy
ignored
Common Weakness Enumeration
References
http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
http://www.kb.cert.org/vuls/id/903934
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.openwall.com/lists/oss-security/2012/06/15/12
http://www.openwall.com/lists/oss-security/2012/06/17/1
https://bugzilla.redhat.com/show_bug.cgi?id=750533
http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
http://www.kb.cert.org/vuls/id/903934
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.openwall.com/lists/oss-security/2012/06/15/12
http://www.openwall.com/lists/oss-security/2012/06/17/1
https://bugzilla.redhat.com/show_bug.cgi?id=750533