CVE-2011-5037
Google V8 - Denial of Service via Predictable Hash Collisions in Form Parameter Handling
Title source: llmDescription
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.
References (4)
Core 4
Core References
Various Sources x_refsource_misc
http://www.nruns.com/_downloads/advisory28122011.pdf
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/903934
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
Various Sources x_refsource_misc
http://www.ocert.org/advisories/ocert-2011-003.html
Scores
EPSS
0.0153
EPSS Percentile
71.8%
Details
CWE
CWE-20
Status
published
Products (1)
google/v8
Published
Dec 30, 2011
Tracked Since
Feb 18, 2026