Oracle Java SE and OpenJDK Hash Collision Vulnerability
CVE-2012-5373
Currently unrated
Summary
Oracle Java SE and OpenJDK handle hash values improperly, so an attacker can trigger hash collisions predictably. By supplying crafted input to an application that uses hash tables, an attacker can make it consume significant CPU resources, resulting in a denial of service. One notable example is a multicollision attack against the MurmurHash3 algorithm, which lets an attacker disrupt service effectively. The issue calls for prompt attention and mitigation to prevent service disruption.
References
Timeline
Vulnerability published
Vulnerability reserved