V8 JavaScript Engine Hash Collision Denial Of Service Vulnerability

Bugtraq ID:	51235
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2011-5037
Remote:	Yes
Local:	No
Published:	Jan 03 2012 12:00AM
Updated:	Jan 03 2012 12:00AM
Credit:	Alexander Klink, n.runs AG and Julian Wälde, Technische Universität Darmstadt
Vulnerable:	Google V8 JavaScript Engine 0
Not Vulnerable:

V8 JavaScript Engine Hash Collision Denial Of Service Vulnerability

V8 JavaScript Engine is prone to a denial-of-service vulnerability.

An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests.

Successful exploits will allow attackers to cause a denial-of-service condition.

V8 JavaScript Engine Hash Collision Denial Of Service Vulnerability

An attacker can use readily available tools to exploit this issue.

V8 JavaScript Engine Hash Collision Denial Of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

V8 JavaScript Engine Hash Collision Denial Of Service Vulnerability

References:

• V8 JavaScript Engine Homepage (Google)
  
• Denial of Service through hash table multi-collisions (n.runs AG)
  
• Hash table implementations vulnerable to algorithmic complexity attacks (Alexander Klink)
  
• multiple implementations denial-of-service via hash algorithm collision (Alexander Klink)