CVE Vulnerabilities

CVE-2012-5371

Published: Nov 28, 2012 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.

Affected Software

Name Vendor Start Version End Version
Ruby Ruby-lang 2.0 2.0
Ruby Ruby-lang 1.9.2 1.9.2
Ruby Ruby-lang 1.9.1 1.9.1
Ruby Ruby-lang 1.9.3 1.9.3
Ruby Ruby-lang 1.9.3 1.9.3
Ruby Ruby-lang 1.9.3 1.9.3
Ruby Ruby-lang 1.9 1.9
Ruby Ruby-lang * 1.9.3
Ruby Ruby-lang 1.9.3 1.9.3

References