Summary: | dev-libs/glib : hash collision DoS (CVE-2012-0039) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED CANTFIX | ||
Severity: | normal | CC: | gnome |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=772720 | ||
Whiteboard: | A3 [upstream] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 396397 |
Description
Agostino Sarubbo
2012-01-10 10:54:24 UTC
If any glib-based libraries or applications use g_str_hash() to compare unbounded sets of strings from a potentially hostile source, they need to be fixed to use a different hash function. Fixing g_str_hash() itself is probably not an option since upstream considers its algorithm to be part of the glib API (https://bugzilla.redhat.com/show_bug.cgi?id=772720#c1) ** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. |