Published: 30/12/2011 Updated: 29/08/2017

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Ruby (aka CRuby) prior to 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ruby-lang ruby 1.8.7-p334
ruby-lang ruby 1.8.7-p330
ruby-lang ruby 1.8.7-p302
ruby-lang ruby 1.8.7-p299
ruby-lang ruby

Several security issues were fixed in ruby18 ...

Synopsis Moderate: ruby security update Type/Severity Security Advisory: Moderate Topic Updated ruby packages that fix one security issue are now available forRed Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerability Scoring ...

Synopsis Moderate: ruby security update Type/Severity Security Advisory: Moderate Topic Updated ruby packages that fix two security issues are now available forRed Hat Enterprise Linux 4 and 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability Sc ...

Debian Bug report logs - #800564 php5: trivial hash complexity DoS attack Package: php5-cli; Maintainer for php5-cli is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5-cli is src:php5 (PTS, buildd, popcon) Reported by: "brian m carlson" <sandals@crustytoothpastenet> Date: Wed, 30 Sep ...

Ruby (aka CRuby) before 187-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table ...

CWE-20 http://www.kb.cert.org/vuls/id/903934 http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606 http://www.ocert.org/advisories/ocert-2011-003.html http://www.nruns.com/_downloads/advisory28122011.pdf http://support.apple.com/kb/HT5281 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://secunia.com/advisories/47822 http://rhn.redhat.com/errata/RHSA-2012-0069.html http://secunia.com/advisories/47405 http://www.securitytracker.com/id?1026474 http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/http://rhn.redhat.com/errata/RHSA-2012-0070.html http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html http://jvn.jp/en/jp/JVN90615481/index.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72020 https://usn.ubuntu.com/1377-1/https://nvd.nist.gov https://www.kb.cert.org/vuls/id/903934

CVE-2011-4815

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect