cve/2012/CVE-2012-0039.md

### [CVE-2012-0039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0039)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/11notes/docker-paperless-ngx
- https://github.com/Live-Hack-CVE/CVE-2012-0039
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2012-0039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0039)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`### Description`

Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/11notes/docker-paperless-ngx`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/Live-Hack-CVE/CVE-2012-0039`