Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hashtbl is vulnerable to collision-based DOS attack (CVE-2012-0839) #5572

vicuna opened this issue Apr 3, 2012 · 2 comments


None yet
2 participants
Copy link

commented Apr 3, 2012

Original bug ID: 5572
Reporter: @xavierleroy
Assigned to: @xavierleroy
Status: closed (set by @xavierleroy on 2013-08-31T10:49:03Z)
Resolution: fixed
Priority: normal
Severity: major
Version: 3.12.1
Target version: 4.00.0+dev
Fixed in version: 4.00.0+dev
Category: standard library
Monitored by: @glondu

Bug description

This PR is intended to document vulnerability CVE-2012-0839 and its resolution.

Summary: up to OCaml 3.12.1 included, hash tables as implemented by the Hashtbl stdlib module use a fixed hash function. This opens the way to a denial-of-service attack on Web-facing and other security-sensitive applications, whereas the attacker sends a series of requests crafted to cause many collisions in a hash table and therefore slow down the application.



This comment has been minimized.

Copy link

commented Apr 3, 2012

Comment author: @xavierleroy

The new hash table implementation (commit r11056), integrated in SVN trunk and in 4.00 branch, already supports diversification of hash tables via a randomly-chosen seed. However, the API doesn't make it easy enough to turn randomization on. I am currently revising the API.


This comment has been minimized.

Copy link

commented Apr 19, 2012

Comment author: @xavierleroy

Fixed in 4.00 branch (commit 12383) and in trunk (12384).

For the record, the resolution is as follows:

  • Added an optional parameter "~random" to Hashtbl.create. If "~random:true" is given, the table uses a randomly-generated seed to diversify the hash function and make collisions hard to predict. If "~random:false" is given, the table uses a fixed hash function.
  • If no ~random parameter is given, the default is "false" (no randomization). This default can be changed to "true" by either calling "Hashtbl.randomize()" at program initialization time, or setting the "R" parameter in the OCAMLRUNPARAM environment variable before program start-up.

The net effect is to keep hash tables deterministic by default (for backward compatibility), but make it very easy to select randomization, either programmatically or via a run-time parameter.

@vicuna vicuna closed this Aug 31, 2013

@vicuna vicuna added the stdlib label Mar 14, 2019

@vicuna vicuna added this to the 4.00.0 milestone Mar 14, 2019

@vicuna vicuna added the bug label Mar 20, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.