Upstream information

CVE-2011-5037 at MITRE

Description

Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entries: 739126 [RESOLVED / FIXED], 797599 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • libv8-5 >= 5.3.171-4.1
  • v8 >= 5.3.171-4.1
  • v8-devel >= 5.3.171-4.1
  • v8-private-headers-devel >= 5.3.171-4.1
Patchnames:
openSUSE Tumbleweed GA libv8-5