CVE-2012-0039

Name of the Vulnerable Software and Affected Versions GLib versions 2.31.8 and earlier

Description The issue allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, because the g str hash function computes hash values without restricting the ability to trigger hash collisions predictably. Note that the existence of the g str hash function is not considered a vulnerability in the library, as callers of g hash table new and g hash table new full can specify an arbitrary hash function that is appropriate for the application.

Recommendations For GLib versions 2.31.8 and earlier, consider specifying an arbitrary hash function that is appropriate for the application when using g hash table new and g hash table new full to minimize the risk of exploitation. As a temporary workaround, consider restricting the input to applications that maintain hash tables until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.