Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2012-5371
HistoryNov 28, 2012 - 11:00 a.m.

CVE-2012-5371

2012-11-2811:00:00
mitre
www.cve.org
5

AI Score

6.9

Confidence

High

EPSS

0.02

Percentile

88.9%

JSON

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.

Related

ubuntucve 2
cve 3
nvd 3
prion 2
rubygems 2
openvas 45
debian 2
nessus 31
osv 2
fedora 8
slackware 1
freebsd 2
veracode 2
seebug 2
centos 2
amazon 1
oraclelinux 2
jvn 1
redhat 3
securityvulns 6
cvelist 1
ubuntu 2
gentoo 1
cert 1
ubuntucve
ubuntucve
CVE-2012-5371
2012-11-28 00:00:00
CVE-2011-4815
2011-12-29 00:00:00
cve
cve
CVE-2012-5371
2012-11-28 13:03:10
CVE-2011-4815
2011-12-30 01:55:01
CVE-2011-5371
2022-10-03 16:15:12
nvd
nvd
CVE-2012-5371
2012-11-28 13:03:10
CVE-2011-4815
2011-12-30 01:55:01
CVE-2011-5371
2012-11-28 00:55:01
prion
prion
Design/Logic Flaw
2012-11-28 13:03:00
Code injection
2011-12-30 01:55:00
rubygems
rubygems
CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
2012-11-22 20:00:00
CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
2011-12-27 20:00:00
openvas
openvas
Debian: Security Advisory (DLA-263-1)
2023-03-08 00:00:00
Slackware: Security Advisory (SSA:2012-341-04)
2022-04-21 00:00:00
FreeBSD Ports: ruby
2012-11-26 00:00:00
debian
debian
[SECURITY] [DLA 263-1] ruby1.9.1 security update
2015-07-01 10:09:26
[SECURITY] [DLA 88-1] ruby1.8 security update
2014-11-21 15:18:14
nessus
nessus
Debian DLA-263-1 : ruby1.9.1 security update
2015-07-02 00:00:00
FreeBSD : ruby -- Hash-flooding DoS vulnerability for ruby 1.9 (5e647ca3-2aea-11e2-b745-001fd0af1a4c)
2012-11-12 00:00:00
Fedora 18 : ruby-1.9.3.327-22.fc18 (2012-17949)
2012-11-26 00:00:00
osv
osv
ruby1.9.1 - security update
2015-07-01 00:00:00
ruby1.8 - security update
2014-11-21 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: ruby-1.9.3.327-22.fc18
2012-11-23 07:52:57
[SECURITY] Fedora 16 Update: ruby-1.8.7.357-1.fc16
2012-01-11 06:06:56
[SECURITY] Fedora 15 Update: ruby-1.8.7.357-1.fc15
2012-01-11 06:14:53
slackware
slackware
[slackware-security] ruby
2012-12-07 03:51:38
freebsd
freebsd
ruby -- Hash-flooding DoS vulnerability for ruby 1.9
2012-11-10 00:00:00
Multiple implementations -- DoS via hash algorithm collision
2011-12-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:53:45
Denial Of Service (DoS)
2020-04-10 01:07:08
seebug
seebug
Ruby哈希冲突拒绝服务漏洞
2011-12-30 00:00:00
Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks
2011-12-29 00:00:00
centos
centos
ruby security update
2012-01-30 20:27:31
irb, ruby security update
2012-01-30 18:44:29
amazon
amazon
Important: ruby
2012-01-19 20:02:00
oraclelinux
oraclelinux
ruby security update
2012-01-30 00:00:00
ruby security update
2012-01-30 00:00:00
jvn
jvn
JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service
2012-07-06 00:00:00
redhat
redhat
(RHSA-2012:0069) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2012:0070) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
securityvulns
securityvulns
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
2012-01-02 00:00:00
Ruby multiple security vulnerabilities
2013-02-24 00:00:00
[USN-1733-1] Ruby vulnerabilities
2013-02-24 00:00:00
cvelist
cvelist
CVE-2011-4815
2011-12-30 01:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2013-02-21 00:00:00
Ruby vulnerabilities
2012-02-28 00:00:00
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
cert
cert
Hash table implementations vulnerable to algorithmic complexity attacks
2011-12-28 00:00:00

AI Score

6.9

Confidence

High

EPSS

0.02

Percentile

88.9%

JSON
Related for CVELIST:CVE-2012-5371
ubuntucve2cve3nvd3prion2rubygems2openvas45debian2nessus31osv2fedora8slackware1freebsd2veracode2seebug2centos2amazon1oraclelinux2jvn1redhat3securityvulns6cvelist1ubuntu2gentoo1cert1