34 matches found
CLSA-2026-1777280127 cyrus-imapd: Fix of CVE-2021-33582
Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...
CLSA-2026-1777279920 cyrus-imapd: Fix of CVE-2021-33582
Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...
nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...
nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...
nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...
BIT-NODE-MIN-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
BIT-NODE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
CVE-2026-21717
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...
EUVD-2026-17182
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
ALPINE-CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
UBUNTU-CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
Node.js 安全漏洞
Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Security vulnerabilities exist in Node.js versions 20.x, 22.x, 24.x, and 25.x. These vulnerabilities stem from issues with the V8 string hashing mechanism, which may lead to predictable ha...
MiracleLinux 8 : cyrus-imapd-3.0.7-20.el8.1 (AXSA:2021-2426:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2426:03 advisory. cyrus-imapd: Denial of service via string hashing algorithm collisions CVE-2021-33582 Tenable has extracted the preceding description block directly from the...
BIT-NODE-MIN-2025-27209
The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an attacker can generate collisions even witho...
CVE-2024-39702
In ljstrhash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function used during string interning allows HashDoS Hash Denial of Service attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service...
PT-2024-28641 · Openresty · Openresty
Name of the Vulnerable Software and Affected Versions: OpenResty versions 1.19.3.1 through 1.25.3.1 Description: The string hashing function in OpenResty allows HashDoS Hash Denial of Service attacks, which can cause excessive resource usage during proxy operations via crafted requests. This can...
CLSA-2023-1688678110 Fix CVE(s): CVE-2021-33582
SECURITY UPDATE: String hashing algorithm collisions - debian/patches/0021-CVE-2021-33582-pre.patch: gracefully handle lookup on zero-sized tables - debian/patches/0022-CVE-2021-33582.patch: replace ad-hoc algorithm with seeded djb2 and use it when hashing - CVE-2021-33582 Enable the internal cun...
Acheron - Indirect Syscalls For AV/EDR Evasion In Go Assembly
Acheron is a library inspired by SysWhisper3/FreshyCalls/RecycledGate, with most of the functionality implemented in Go assembly. acheron package can be used to add indirect syscall capabilities to your Golang tradecraft, to bypass AV/EDRs that makes use of usermode hooks and instrumentation...