Actions
Security #7289
closedhttp: missing hashtable random seed leads to potential DoS
Git IDs:
db5a7a2febf6a2a862809fabfd35d238d16d6386
Severity:
CRITICAL
Disclosure Date:
Description
Missing initialization of the random seed for "thash" leads to byte-range tracking having
predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket.
Updated by Juliana Fajardini Reichow 3 months ago
- Related to Security #7209: thash: random factor not used; possible abusive hash collisions added
Updated by Victor Julien 3 months ago
- Status changed from New to Resolved
- Assignee changed from OISF Dev to Philippe Antoine
Updated by Juliana Fajardini Reichow 3 months ago
- Severity changed from HIGH to CRITICAL
Updated by Juliana Fajardini Reichow 3 months ago
- CVE set to 2024-47188
Updated by Victor Julien 3 months ago
- Status changed from Resolved to Closed
- Git IDs updated (diff)
Actions