VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Nov 28, 2012· Updated Apr 29, 2026

CVE-2012-2739

CVE-2012-2739

Description

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Affected products

15
  • Oracle Corporation/Jdk6 versions
    cpe:2.3:a:oracle:jdk:*:update5:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:oracle:jdk:*:update5:*:*:*:*:*:*range: <=1.7.0
    • cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
  • Oracle Corporation/Jre6 versions
    cpe:2.3:a:oracle:jre:*:update5:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:oracle:jre:*:update5:*:*:*:*:*:*range: <=1.7.0
    • cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
  • Oracle Corporation/Openjdk3 versions
    cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*range: <=1.7.0
    • cpe:2.3:a:oracle:openjdk:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.