Actions
Security #7209
closedthash: random factor not used; possible abusive hash collisions
Git IDs:
26da953f6dad3793d29f27ce7ab6628a2db8f471
Severity:
CRITICAL
Disclosure Date:
Description
util-thash.c initializes a random factor, however, this is not used. I suspect the intention was to introduce some randomness.
Updated by Philippe Antoine 3 months ago
cf usage of StringHashDjb2 in ContainerUrlRangeHash, network traffic induced
Updated by Philippe Antoine 3 months ago
Updated by Victor Julien about 1 month ago
- Target version changed from TBD to 8.0.0-beta1
Updated by OISF Ticketbot about 1 month ago
- Label deleted (
Needs backport to 7.0)
Updated by Philippe Antoine about 1 month ago
git grep 5381 shows a lot of redefinition of StringHashDjb2
Updated by Philippe Antoine about 1 month ago
- Related to Optimization #3322: Use standard CRC32 for hash-like functions added
Updated by Victor Julien about 1 month ago
- Tracker changed from Bug to Security
- Assignee changed from OISF Dev to Philippe Antoine
- Severity set to CRITICAL
Updated by Juliana Fajardini Reichow about 1 month ago
- Related to Security #7289: http: missing hashtable random seed leads to potential DoS added
Updated by Juliana Fajardini Reichow about 1 month ago
- CVE set to 2024-47187
Updated by Philippe Antoine about 1 month ago
- Status changed from In Review to Closed
Actions