Google Groups

Re: [nodejs] HOLY CRAP. nearly all nodejs http servers are vulnerable to DoS and apparently, the V8 guys seem to not care much


Phoscur Dec 28, 2011 9:08 PM
Posted in group: nodejs
These guys exploit the worst-case runtime of a hashtable. Is it possible
to avoid this case by checking for too many collisions on each insert?

On 29.12.2011 01:47, Jann Horn wrote:
> http://www.youtube.com/watch?v=R2Cq3CLI6H8
>
> Technical explanation 0m-19m or so, part about nodejs at 40m or so.
>
> Basically, because v8 uses weak hashes for objects, you can fill up
> one slot of the hashtable with many entries, e.g. using a POST
> containing a querystring with many keys with the same hash. Operating
> on those keys (inserting and reading) then becomes slow as hell which
> allows you to bring a nodejs server to 100% CPU usage for a long time
> (blocking the event loop completely) with one moderately large POST
> request. This is bad.
>
> Those guys say they told Google October 18th, they got through to the
> v8 guys in November, and they said they don't care sooo much about DoS
> attacks on v8 because they're mainly interested in browserside stuff.
>
> This is bad for us.
>
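
The collision check asked about above, sketched as an added example that is not part of the original thread and is not V8's or Node's code: a toy chained hash table that counts entries per bucket on insert and rejects the request once a chain passes a cap. `GuardedTable`, `parseForm`, the deliberately weak sum-of-char-codes hash and the cap values are all assumptions made for illustration.

```javascript
// Added illustration (hypothetical names throughout), not V8's hashtable.
class CollisionLimitError extends Error {}

class GuardedTable {
  constructor(buckets = 64, maxChain = 8) {
    this.buckets = Array.from({ length: buckets }, () => []);
    this.maxChain = maxChain; // longest chain tolerated in one bucket
  }

  // Deliberately weak toy hash so collisions are easy to demonstrate.
  hash(key) {
    let h = 0;
    for (let i = 0; i < key.length; i++) h = (h + key.charCodeAt(i)) >>> 0;
    return h % this.buckets.length;
  }

  set(key, value) {
    const chain = this.buckets[this.hash(key)];
    const entry = chain.find((e) => e.key === key);
    if (entry) { entry.value = value; return; } // overwrite, chain does not grow
    if (chain.length >= this.maxChain) {
      // The check on each insert: stop before lookups in this bucket degrade.
      throw new CollisionLimitError(`bucket chain would exceed ${this.maxChain} entries`);
    }
    chain.push({ key, value });
  }

  get(key) {
    const entry = this.buckets[this.hash(key)].find((e) => e.key === key);
    return entry ? entry.value : undefined;
  }
}

// Parse a urlencoded body into the guarded table; fail the whole request on overflow.
function parseForm(body, table = new GuardedTable()) {
  try {
    for (const pair of body.split('&')) {
      if (!pair) continue;
      const [k, v = ''] = pair.split('=');
      table.set(decodeURIComponent(k), decodeURIComponent(v));
    }
    return { ok: true, table };
  } catch (err) {
    if (err instanceof CollisionLimitError) return { ok: false, reason: err.message };
    throw err;
  }
}
```

A cap like this bounds the work per bucket, but it can also reject legitimate input whose keys happen to collide, so the threshold has to be chosen against the expected table load.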