Overview
Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition.
Description
Many applications, including common web framework implementations, use hash tables to map key values to associated entries. If the hash table contains entries for different keys that map to the same hash value, a hash collision occurs and additional processing is required to determine which entry is appropriate for the key. If an attacker can generate many requests containing colliding key values, an application performing the hash table lookup may enter a denial of service condition. Hash collision denial-of-service attacks were first detailed in 2003, but recent research details how these attacks apply to modern language hash table implementations. |
Impact
An application can be forced into a denial-of-service condition. In the case of some web application servers, specially-crafted POST form data may result in a denial-of-service. |
Solution
Apply an update |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- |
| Temporal | 0 | E:ND/RL:ND/RC:ND |
| Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Alexander Klink and Julian Wälde for reporting these vulnerabilities.
This document was written by Jared Allar and David Warren.
Other Information
| CVE IDs: | CVE-2011-4815, CVE-2011-3414, CVE-2011-4838, CVE-2011-4885 |
| Severity Metric: | 10.80 |
| Date Public: | 2011-12-28 |
| Date First Published: | 2011-12-28 |
| Date Last Updated: | 2016-02-15 20:05 UTC |
| Document Revision: | 41 |