Node.js is vulnerable to hash flooding. Install security updates now! https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/ …
Here’s how hash flooding attacks work:
-
-
Replying to @mathias
Hash table insertions are O(1) in the best case, but O(n) in case of a hash collision. For n items, that’s O(n) vs. O(n²).
1 reply 2 retweets 13 likes -
Replying to @mathias
Hash flooding attacks trigger the worst-case scenario by sending precomputed data, where all keys hash to the same value.
1 reply 3 retweets 7 likes -
Replying to @mathias
If this data somehow gets inserted in a hash table on the server-side, the attack takes effect.
1 reply 1 retweet 4 likes -
Replying to @mathias
A handful of HTTP requests, each sending just a few KB of data, is enough to hang the server CPU for minutes.
1 reply 3 retweets 7 likes -
Replying to @mathias
This attack is possible when the attacker knows the hashing function (duh, open source) and the hashing seed used on the server (whoops!).
2 replies 4 retweets 10 likes -
Replying to @mathias
Thank you for the explanation! Is there a PoC script to test it anywhere? I wonder what makes a server affected / not to this vulnerability
1 reply 0 retweets 1 like -
Replying to @FlockonUS
All unpatched Node.js versions are affected. The linked blog post explains the cause nicely, IMHO:pic.twitter.com/Ftt2Il57sC
1 reply 6 retweets 14 likes -
Replying to @mathias @FlockonUS
I think
@FlockonUS was asking what the application has to do to be vulnerable1 reply 0 retweets 1 like
Anything that inserts user input into a hash table behind the scenes. E.g. require('querystring').parse(postBody)
-
-
Is there any example of the exploit? I would like to demo it so people will understand how serious it is :)
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.