Denial of Service Vulnerability in Google V8 by Google
CVE-2011-5037

Currently unrated

Key Information:

Vendor: Google
Status: V8
Vendor: CVE Published:; 30 December 2011

Summary

The vulnerability in Google V8 arises from the improper handling of hash values for form parameters. This flaw allows attackers to exploit predictable hash collisions, which can lead to excessive CPU consumption and service denial. By crafting specific parameters, remote attackers can induce a denial of service, severely impacting the performance and availability of applications that rely on the V8 engine, such as those built on Node.js.

References

http://www.nruns.com/_downloads/advisory28122011.pdf

x_refsource_MISC

http://www.kb.cert.org/vuls/id/903934

third-party-advisoryx_refsource_CERT-VN

http://archives.neohapsis.com/archives/bugtraq/2011-12/01...

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Dec 30, 2011
Vulnerability Reserved
Dec 29, 2011