Meow Hash · Meow Hash · CVE-2021-37606
**Name of the Vulnerable Software and Affected Versions**
Meow hash version 0.5/calico
**Description**
The issue concerns a weakness in Meow hash 0.5/calico that allows an attacker to recover keys by querying whether there's a collision in the bottom bits of the hashes of two messages. This is demonstrated through an attack on a long-running web service, where the attacker can infer collisions by measuring timing differences.
**Recommendations**
For Meow hash version 0.5/calico, at the moment, there is no information about a newer version that contains a fix for this vulnerability.