OCaml 3.12.1 and earlier computes hash values without restricting the
ability to trigger hash collisions predictably, which allows
context-dependent attackers to cause a denial of service (CPU consumption)
via crafted input to an application that maintains a hash table.
mdeslaur> New randomization turned off by default and must be specifically
mdeslaur> turned on by application. See upstream bug report.
mdeslaur> Downgrading severity to low, since upstream won't change default
Updated: 2017-04-14 08:14:50 UTC (commit 12390)