Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: None
Affects Version/s: JWS 3.0.0 GA, JWS 3.0.3 DR3, JWS 3.0.3 ER1
Component/s: httpd
Labels:

Affects:

Release Notes
Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1200324
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Release Note Text:

Hide
Similar to the denial of service flaw present in various programming languages' `hash` function usage, a flaw was found in `expat`.

A specially-crafted set of keys could trigger hash function collisions. This would degrade dictionary performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using a meet in the middle attack.

This issue has been fixed in this release.

Show
Similar to the denial of service flaw present in various programming languages' `hash` function usage, a flaw was found in `expat`. A specially-crafted set of keys could trigger hash function collisions. This would degrade dictionary performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using a meet in the middle attack. This issue has been fixed in this release.
Release Note Status:
Documented as Known Issue
Target Release:

JWS 3.1.0 GA

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Similar to the denial of service flaw present in various programming languages' hash function usage, a flaw was found in expat:

A specially-crafted set of keys could trigger hash function collisions, which
degrade dictionary performance by changing hash table operations complexity
from an expected/average O(1) to the worst case O. Reporters were able to
find colliding strings efficiently using meet in the middle attack.

This problem is similar to the issue that was previously reported for and fixed
in e.g. perl:
http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf

Assignee:: George Zaronikas

Reporter:: Tim Walsh (Inactive)

Tester:: Bogdan Sikora (Inactive)

Writer:: Lucas Costi (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2015/09/03 1:57 AM

Updated:: 2021/10/24 6:38 AM

Resolved:: 2018/11/15 4:07 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates