Vulnerabilities > CVE-2021-37606 - Information Exposure Through Discrepancy vulnerability in Meow Hash Project Meow Hash 0.5

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

meow-hash-project

CWE-203

NVD

Published: 2021-07-30

Updated: 2023-08-08

Summary

Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences.

Vulnerable Configurations

Part	Description	Count
Application	Meow_Hash_Project Meow Hash Project Meow Hash 0.5	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://peter.website/meow-hash-cryptanalysis
https://news.ycombinator.com/item?id=27978878