Bug 772720 (CVE-2012-0039)
Summary: | CVE-2012-0039 glib2: hash table collisions CPU usage DoS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | herrold, mclasen, pachoramos1 |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-19 21:51:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 770929 |
Description
Vincent Danen
2012-01-09 19:08:46 UTC
The hash function implemented by g_str_hash is part of the documented api, and cannot just be changed. Every user of GHashTable is free to use its own hash functions, they are not hardwired at all. So I don't really see what fix there is in glib; if anything, it could offer an alternative string hash function. Do you know if upstream is discussing this further? It looks like previously they had called for a volunteer to implement it, and no one ever responded (it didn't sound like it was technically a no-no, just probably quite painful to do). I don't really know the best solution here, but we should perhaps get upstream involved in a conversation about how to deal with this (especially considering how old it is). Maybe it is something that we just cannot (reasonably) fix? |