Actions
Security #7209
closed
JI
PA
thash: random factor not used; possible abusive hash collisions
Security #7209:
thash: random factor not used; possible abusive hash collisions
Git IDs:
26da953f6dad3793d29f27ce7ab6628a2db8f471
Severity:
CRITICAL
Disclosure Date:
Description
util-thash.c initializes a random factor, however, this is not used. I suspect the intention was to introduce some randomness.
PA Updated by Philippe Antoine over 1 year ago
cf usage of StringHashDjb2 in ContainerUrlRangeHash, network traffic induced
PA Updated by Philippe Antoine over 1 year ago
VJ Updated by Victor Julien over 1 year ago
- Label Needs backport to 7.0 added
VJ Updated by Victor Julien over 1 year ago
- Target version changed from TBD to 8.0.0-beta1
OT Updated by OISF Ticketbot over 1 year ago
- Subtask #7258 added
OT Updated by OISF Ticketbot over 1 year ago
- Label deleted (
Needs backport to 7.0)
PA Updated by Philippe Antoine over 1 year ago
git grep 5381 shows a lot of redefinition of StringHashDjb2
PA Updated by Philippe Antoine over 1 year ago
- Status changed from New to In Review
Gitlab POC
PA Updated by Philippe Antoine over 1 year ago
- Related to Optimization #3322: Use standard CRC32 for hash-like functions added
VJ Updated by Victor Julien over 1 year ago
- Tracker changed from Bug to Security
- Assignee changed from OISF Dev to Philippe Antoine
- Severity set to CRITICAL
JF Updated by Juliana Fajardini Reichow over 1 year ago
- Related to Security #7289: http: missing hashtable random seed leads to potential DoS added
JF Updated by Juliana Fajardini Reichow over 1 year ago
- CVE set to 2024-47187
PA Updated by Philippe Antoine over 1 year ago
- Status changed from In Review to Closed
PA Updated by Philippe Antoine over 1 year ago
- Git IDs updated (diff)
VJ Updated by Victor Julien over 1 year ago
- Private changed from Yes to No
Actions