CVE-2011-4815

Published: Dec 30, 2011Modified: Apr 29, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Affected (5)

Products: Ruby Lang: Ruby

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ruby Lang Ruby	Up to 1.8.7-p352
Ruby Lang Ruby	Version 1.8.7-p299
Ruby Lang Ruby	Version 1.8.7-p302
Ruby Lang Ruby	Version 1.8.7-p330
Ruby Lang Ruby	Version 1.8.7-p334

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (32)

http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

Source: cve@mitre.org

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606

Source: cve@mitre.org

http://jvn.jp/en/jp/JVN90615481/index.html

Source: cve@mitre.org

http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2012-0069.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2012-0070.html

Source: cve@mitre.org

http://secunia.com/advisories/47405

Source: cve@mitre.org

http://secunia.com/advisories/47822

Source: cve@mitre.org

http://support.apple.com/kb/HT5281

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/903934

Source: cve@mitre.org

US Government Resource

http://www.nruns.com/_downloads/advisory28122011.pdf

Source: cve@mitre.org

http://www.ocert.org/advisories/ocert-2011-003.html

Source: cve@mitre.org

http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/

Source: cve@mitre.org

http://www.securitytracker.com/id?1026474

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/72020

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvn.jp/en/jp/JVN90615481/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-0069.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-0070.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/47405

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/47822

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT5281

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/903934

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.nruns.com/_downloads/advisory28122011.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ocert.org/advisories/ocert-2011-003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1026474

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/72020

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.