CVE-2021-37606

Name of the Vulnerable Software and Affected Versions Meow hash version 0.5/calico

Description The issue concerns a weakness in Meow hash 0.5/calico that allows an attacker to recover keys by querying whether there's a collision in the bottom bits of the hashes of two messages. This is demonstrated through an attack on a long-running web service, where the attacker can infer collisions by measuring timing differences.

Recommendations For Meow hash version 0.5/calico, at the moment, there is no information about a newer version that contains a fix for this vulnerability.