Fluid Attacks Database

Description

GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 13	glib2.0	=2.84.3-1 \|\| =2.84.4-1 \|\| =2.84.4-2 \|\| =2.84.4-3 \|\| =2.84.4-3~deb13u1 \|\| =2.84.4-3~deb13u2 \|\| =2.84.4-3~deb13u3 \|\| =2.85.1-1 \|\| =2.85.1-2 \|\| =2.85.2-2 \|\| =2.85.3-1 \|\| =2.85.4-1 \|\| =2.86.0-1 \|\| =2.86.0-2 \|\| =2.86.0-3 \|\| =2.86.0-4 \|\| =2.86.0-5 \|\| =2.86.0-6 \|\| =2.86.0-7 \|\| =2.86.1-1 \|\| =2.86.1-2 \|\| =2.86.2-1 \|\| =2.86.3-1 \|\| =2.86.3-2 \|\| =2.86.3-3 \|\| =2.86.3-4 \|\| =2.86.3-5 \|\| =2.87.1-1 \|\| =2.87.2-1 \|\| =2.87.2-2 \|\| =2.87.2-3 \|\| =2.87.3-1 \|\| =2.87.3~gitlab0-1 \|\| =2.87.5-1 \|\| =2.88.0-1
rpm rhel5	glib2	-
rpm rhel6	glib2	-
debian 11	glib2.0	=2.66.8-1 \|\| =2.66.8-1+deb11u1 \|\| =2.66.8-1+deb11u2 \|\| =2.66.8-1+deb11u3 \|\| =2.66.8-1+deb11u4 \|\| =2.66.8-1+deb11u5 \|\| =2.66.8-1+deb11u6 \|\| =2.66.8-1+deb11u7 \|\| =2.66.8-1+deb11u8 \|\| =2.67.1-1 \|\| =2.67.2-1 \|\| =2.67.3+git20210214-1 \|\| =2.67.3-1 \|\| =2.67.4-1 \|\| =2.67.5-1 \|\| =2.67.5-2 \|\| =2.67.6-1 \|\| =2.68.0-1 \|\| =2.68.1-1 \|\| =2.68.1-2 \|\| =2.68.3-1 \|\| =2.68.3-2 \|\| =2.68.4-1 \|\| =2.70.0-1 \|\| =2.70.0-2 \|\| =2.70.0-3 \|\| =2.70.1-1 \|\| =2.70.2-1 \|\| =2.70.3-1 \|\| =2.70.4-1 \|\| =2.70.5-1 \|\| =2.71.0-1 \|\| =2.71.0-2 \|\| =2.71.1-1 \|\| =2.71.2-1 \|\| =2.71.3-1 \|\| =2.72.0-1 \|\| =2.72.1-1 \|\| =2.72.2-1 \|\| =2.72.2-2 \|\| =2.72.3-1 \|\| =2.73.1-1 \|\| =2.73.2-1 \|\| =2.73.3-1 \|\| =2.73.3-2 \|\| =2.73.3-3 \|\| =2.74.0-1 \|\| =2.74.0-2 \|\| =2.74.0-3 \|\| =2.74.1-1 \|\| =2.74.1-2 \|\| =2.74.2-1 \|\| =2.74.3-1 \|\| =2.74.4-1 \|\| =2.74.5-1 \|\| =2.74.6-1 \|\| =2.74.6-2 \|\| =2.75.0-1 \|\| =2.75.2-1 \|\| =2.75.3-1 \|\| =2.75.3-2 \|\| =2.75.3-3 \|\| =2.75.4-1 \|\| =2.76.0-1 \|\| =2.76.1-1 \|\| =2.76.2-1 \|\| =2.76.3-1 \|\| =2.76.4-1 \|\| =2.76.4-2 \|\| =2.76.4-3 \|\| =2.76.4-4 \|\| =2.77.0-1 \|\| =2.77.1-1 \|\| =2.77.1-2 \|\| =2.77.2-1 \|\| =2.77.3-1 \|\| =2.78.0-1 \|\| =2.78.0-2 \|\| =2.78.1-1 \|\| =2.78.1-2 \|\| =2.78.1-3 \|\| =2.78.1-4 \|\| =2.78.2-1 \|\| =2.78.3-1 \|\| =2.78.3-2 \|\| =2.78.4-1 \|\| =2.78.4-2 \|\| =2.78.4-2.1 \|\| =2.78.4-3 \|\| =2.78.4-4 \|\| =2.78.4-5 \|\| =2.78.4-6 \|\| =2.78.4-7 \|\| =2.79.0+git20240110~g38f5ba3c-1 \|\| =2.79.0+git20240110~g38f5ba3c-2 \|\| =2.79.0+git20240119~62ee8bf6-1 \|\| =2.79.1-1 \|\| =2.79.1-1.1~exp1 \|\| =2.79.2-1 \|\| =2.79.3-1 \|\| =2.79.3-2 \|\| =2.79.3-3 \|\| =2.80.0-1 \|\| =2.80.0-10 \|\| =2.80.0-2 \|\| =2.80.0-3 \|\| =2.80.0-4 \|\| =2.80.0-5 \|\| =2.80.0-6 \|\| =2.80.0-7 \|\| =2.80.0-8 \|\| =2.80.0-9 \|\| =2.80.1-1 \|\| =2.80.2-1 \|\| =2.80.2-2 \|\| =2.80.3-1 \|\| =2.80.4-1 \|\| =2.81.0-1 \|\| =2.81.1-1 \|\| =2.81.1-2 \|\| =2.81.1-3 \|\| =2.81.2-1 \|\| =2.82.0-1 \|\| =2.82.0-2 \|\| =2.82.1-1 \|\| =2.82.2-1 \|\| =2.82.2-2 \|\| =2.82.2-3 \|\| =2.82.3-1 \|\| =2.82.3-2 \|\| =2.82.4-1 \|\| =2.82.4-2 \|\| =2.83.2-1 \|\| =2.83.2-2 \|\| =2.83.3-1 \|\| =2.83.3-2 \|\| =2.83.4-1 \|\| =2.83.5-1 \|\| =2.84.0-1 \|\| =2.84.0-2 \|\| =2.84.1-1 \|\| =2.84.1-2 \|\| =2.84.1-3 \|\| =2.84.2-1 \|\| =2.84.3-1 \|\| =2.84.4-1 \|\| =2.84.4-2 \|\| =2.84.4-3 \|\| =2.84.4-3~deb13u1 \|\| =2.84.4-3~deb13u2 \|\| =2.84.4-3~deb13u3 \|\| =2.85.1-1 \|\| =2.85.1-2 \|\| =2.85.2-2 \|\| =2.85.3-1 \|\| =2.85.4-1 \|\| =2.86.0-1 \|\| =2.86.0-2 \|\| =2.86.0-3 \|\| =2.86.0-4 \|\| =2.86.0-5 \|\| =2.86.0-6 \|\| =2.86.0-7 \|\| =2.86.1-1 \|\| =2.86.1-2 \|\| =2.86.2-1 \|\| =2.86.3-1 \|\| =2.86.3-2 \|\| =2.86.3-3 \|\| =2.86.3-4 \|\| =2.86.3-5 \|\| =2.87.1-1 \|\| =2.87.2-1 \|\| =2.87.2-2 \|\| =2.87.2-3 \|\| =2.87.3-1 \|\| =2.87.3~gitlab0-1 \|\| =2.87.5-1 \|\| =2.88.0-1
debian 12	glib2.0	=2.74.6-2 \|\| =2.74.6-2+deb12u1 \|\| =2.74.6-2+deb12u2 \|\| =2.74.6-2+deb12u3 \|\| =2.74.6-2+deb12u4 \|\| =2.74.6-2+deb12u5 \|\| =2.74.6-2+deb12u6 \|\| =2.74.6-2+deb12u7 \|\| =2.74.6-2+deb12u8 \|\| =2.74.6-2+deb12u9 \|\| =2.75.0-1 \|\| =2.75.2-1 \|\| =2.75.3-1 \|\| =2.75.3-2 \|\| =2.75.3-3 \|\| =2.75.4-1 \|\| =2.76.0-1 \|\| =2.76.1-1 \|\| =2.76.2-1 \|\| =2.76.3-1 \|\| =2.76.4-1 \|\| =2.76.4-2 \|\| =2.76.4-3 \|\| =2.76.4-4 \|\| =2.77.0-1 \|\| =2.77.1-1 \|\| =2.77.1-2 \|\| =2.77.2-1 \|\| =2.77.3-1 \|\| =2.78.0-1 \|\| =2.78.0-2 \|\| =2.78.1-1 \|\| =2.78.1-2 \|\| =2.78.1-3 \|\| =2.78.1-4 \|\| =2.78.2-1 \|\| =2.78.3-1 \|\| =2.78.3-2 \|\| =2.78.4-1 \|\| =2.78.4-2 \|\| =2.78.4-2.1 \|\| =2.78.4-3 \|\| =2.78.4-4 \|\| =2.78.4-5 \|\| =2.78.4-6 \|\| =2.78.4-7 \|\| =2.79.0+git20240110~g38f5ba3c-1 \|\| =2.79.0+git20240110~g38f5ba3c-2 \|\| =2.79.0+git20240119~62ee8bf6-1 \|\| =2.79.1-1 \|\| =2.79.1-1.1~exp1 \|\| =2.79.2-1 \|\| =2.79.3-1 \|\| =2.79.3-2 \|\| =2.79.3-3 \|\| =2.80.0-1 \|\| =2.80.0-10 \|\| =2.80.0-2 \|\| =2.80.0-3 \|\| =2.80.0-4 \|\| =2.80.0-5 \|\| =2.80.0-6 \|\| =2.80.0-7 \|\| =2.80.0-8 \|\| =2.80.0-9 \|\| =2.80.1-1 \|\| =2.80.2-1 \|\| =2.80.2-2 \|\| =2.80.3-1 \|\| =2.80.4-1 \|\| =2.81.0-1 \|\| =2.81.1-1 \|\| =2.81.1-2 \|\| =2.81.1-3 \|\| =2.81.2-1 \|\| =2.82.0-1 \|\| =2.82.0-2 \|\| =2.82.1-1 \|\| =2.82.2-1 \|\| =2.82.2-2 \|\| =2.82.2-3 \|\| =2.82.3-1 \|\| =2.82.3-2 \|\| =2.82.4-1 \|\| =2.82.4-2 \|\| =2.83.2-1 \|\| =2.83.2-2 \|\| =2.83.3-1 \|\| =2.83.3-2 \|\| =2.83.4-1 \|\| =2.83.5-1 \|\| =2.84.0-1 \|\| =2.84.0-2 \|\| =2.84.1-1 \|\| =2.84.1-2 \|\| =2.84.1-3 \|\| =2.84.2-1 \|\| =2.84.3-1 \|\| =2.84.4-1 \|\| =2.84.4-2 \|\| =2.84.4-3 \|\| =2.84.4-3~deb13u1 \|\| =2.84.4-3~deb13u2 \|\| =2.84.4-3~deb13u3 \|\| =2.85.1-1 \|\| =2.85.1-2 \|\| =2.85.2-2 \|\| =2.85.3-1 \|\| =2.85.4-1 \|\| =2.86.0-1 \|\| =2.86.0-2 \|\| =2.86.0-3 \|\| =2.86.0-4 \|\| =2.86.0-5 \|\| =2.86.0-6 \|\| =2.86.0-7 \|\| =2.86.1-1 \|\| =2.86.1-2 \|\| =2.86.2-1 \|\| =2.86.3-1 \|\| =2.86.3-2 \|\| =2.86.3-3 \|\| =2.86.3-4 \|\| =2.86.3-5 \|\| =2.87.1-1 \|\| =2.87.2-1 \|\| =2.87.2-2 \|\| =2.87.2-3 \|\| =2.87.3-1 \|\| =2.87.3~gitlab0-1 \|\| =2.87.5-1 \|\| =2.88.0-1
debian 14	glib2.0	=2.84.3-1 \|\| =2.84.4-1 \|\| =2.84.4-2 \|\| =2.84.4-3 \|\| =2.84.4-3~deb13u1 \|\| =2.84.4-3~deb13u2 \|\| =2.84.4-3~deb13u3 \|\| =2.85.1-1 \|\| =2.85.1-2 \|\| =2.85.2-2 \|\| =2.85.3-1 \|\| =2.85.4-1 \|\| =2.86.0-1 \|\| =2.86.0-2 \|\| =2.86.0-3 \|\| =2.86.0-4 \|\| =2.86.0-5 \|\| =2.86.0-6 \|\| =2.86.0-7 \|\| =2.86.1-1 \|\| =2.86.1-2 \|\| =2.86.2-1 \|\| =2.86.3-1 \|\| =2.86.3-2 \|\| =2.86.3-3 \|\| =2.86.3-4 \|\| =2.86.3-5 \|\| =2.87.1-1 \|\| =2.87.2-1 \|\| =2.87.2-2 \|\| =2.87.2-3 \|\| =2.87.3-1 \|\| =2.87.3~gitlab0-1 \|\| =2.87.5-1 \|\| =2.88.0-1

Aliases

1. CVE-2012-00392. NVD-2012-00393. OSV-DEBIAN-2012-00394. OSV-2012-00395. SECURITY-TRACKER-CVE-2012-0039

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.