CVE-2011-5037

Google V8 - Denial of Service via Predictable Hash Collisions in Form Parameter Handling

Title source: llm
STIX 2.1

Description

Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.

References (4)

Core 4
Core References
Various Sources x_refsource_misc
http://www.nruns.com/_downloads/advisory28122011.pdf
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/903934
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
Various Sources x_refsource_misc
http://www.ocert.org/advisories/ocert-2011-003.html

Scores

EPSS 0.0153
EPSS Percentile 71.8%

Details

CWE
CWE-20
Status published
Products (1)
google/v8
Published Dec 30, 2011
Tracked Since Feb 18, 2026