CVE-2012-2739

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Published: Nov 28, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2739
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
oracle / jdk	-	1.7.0.x
oracle / jre	1.7.0-update3	1.7.0-update3.x
oracle / jdk	1.7.0-update2	1.7.0-update2.x
oracle / jdk	1.7.0	1.7.0.x
oracle / jre	1.7.0-update2	1.7.0-update2.x
oracle / jdk	1.7.0-update3	1.7.0-update3.x
oracle / jre	-	1.7.0.x
oracle / jre	1.7.0-update4	1.7.0-update4.x
oracle / jre	1.7.0	1.7.0.x
oracle / jdk	1.7.0-update1	1.7.0-update1.x
oracle / jdk	1.7.0-update4	1.7.0-update4.x
oracle / jre	1.7.0-update1	1.7.0-update1.x
oracle / openjdk	1.8.0	1.8.0.x
oracle / openjdk	1.6.0	1.6.0.x
oracle / openjdk	-	1.7.0.x

Vulnerability Database

289,599

CVE-2012-2739