exploitDog

CVE-2021-37606

Опубликовано: 30 июл. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences.

Ссылки

https://news.ycombinator.com/item?id=27978878
Third Party Advisory
https://peter.website/meow-hash-cryptanalysis
Third Party Advisory
https://news.ycombinator.com/item?id=27978878
Third Party Advisory
https://peter.website/meow-hash-cryptanalysis
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:meow_hash_project:meow_hash:0.5:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00166

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

GHSA-gg5h-j88q-crj5

CVSS3: 5.3

github

больше 3 лет назад

Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences.

EPSS

Процентиль: 38%

0.00166

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203