Lucene search

[email protected]CVE-2011-5037

HistoryDec 30, 2011 - 1:55 a.m.

CVE-2011-5037

2011-12-3001:55:01

CWE-20

[email protected]

web.nvd.nist.gov

cve-2011-5037

google v8

hash collision

denial of service

cpu consumption

node.js

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.

Affected configurations

NVD

Node

googlev8

CPENameOperatorVersion
google:v8google v8eq*

CPE	Name	Operator	Version
google:v8	google v8	eq	*

References

archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

www.kb.cert.org/vuls/id/903934

www.nruns.com/_downloads/advisory28122011.pdf

www.ocert.org/advisories/ocert-2011-003.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for CVE-2011-5037

cvelist1 ubuntucve1 nvd1 prion1 nessus2 openvas2 freebsd1