Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:90615481
HistoryJul 06, 2012 - 12:00 a.m.

JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service

2012-07-0600:00:00
Japan Vulnerability Notes
jvn.jp
15

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.02 Low

EPSS

Percentile

88.7%

JSON

The hash table implementation in Ruby contains an issue, where it may intentionally create a series of strings whose hash values collide. As a result, a denial-of-service (DoS) attack may be conducted.

Impact

When processing a series of specially crafted strings, a denial-of-service (DoS) may occur.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

  • Ruby versions prior to 1.8.7-p357
  • Ruby 1.9.x versions prior to 1.9.1

Related

openvas 31
nessus 23
seebug 2
securityvulns 3
fedora 3
cve 2
centos 2
amazon 1
oraclelinux 2
prion 2
veracode 1
redhat 2
ubuntucve 2
rubygems 2
debian 2
osv 2
freebsd 1
cert 1
ubuntu 1
gentoo 1
openvas
openvas
RedHat Update for ruby RHSA-2012:0069-01
2012-07-09 00:00:00
Mandriva Update for ruby MDVSA-2012:024 (ruby)
2012-03-07 00:00:00
RedHat Update for ruby RHSA-2012:0069-01
2012-07-09 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : ruby (MDVSA-2012:024)
2012-02-29 00:00:00
Oracle Linux 6 : ruby (ELSA-2012-0069)
2013-07-12 00:00:00
Oracle Solaris Third-Party Patch Update : ruby (cve_2011_4815_denial_of)
2015-01-19 00:00:00
seebug
seebug
Ruby哈希冲突拒绝服务漏洞
2011-12-30 00:00:00
Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks
2011-12-29 00:00:00
securityvulns
securityvulns
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
2012-01-02 00:00:00
[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision
2012-01-02 00:00:00
Apple Mac OS X multiple security vulnerabilities
2012-08-20 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: ruby-1.8.7.357-1.fc16
2012-01-11 06:06:56
[SECURITY] Fedora 15 Update: ruby-1.8.7.357-1.fc15
2012-01-11 06:14:53
[SECURITY] Fedora 16 Update: ruby-1.8.7.358-4.fc16
2012-10-14 03:52:43
cve
cve
CVE-2011-4815
2011-12-30 01:55:00
CVE-2012-5371
2012-11-28 13:03:00
centos
centos
ruby security update
2012-01-30 20:27:31
irb, ruby security update
2012-01-30 18:44:29
amazon
amazon
Important: ruby
2012-01-19 20:02:00
oraclelinux
oraclelinux
ruby security update
2012-01-30 00:00:00
ruby security update
2012-01-30 00:00:00
prion
prion
Code injection
2011-12-30 01:55:00
Design/Logic Flaw
2012-11-28 13:03:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:07:08
redhat
redhat
(RHSA-2012:0069) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2012:0070) Moderate: ruby security update
2012-01-30 00:00:00
ubuntucve
ubuntucve
CVE-2011-4815
2011-12-29 00:00:00
CVE-2012-5371
2012-11-28 00:00:00
rubygems
rubygems
CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
2011-12-27 20:00:00
CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
2012-11-22 20:00:00
debian
debian
[SECURITY] [DLA 263-1] ruby1.9.1 security update
2015-07-01 10:09:26
[SECURITY] [DLA 88-1] ruby1.8 security update
2014-11-21 15:18:14
osv
osv
ruby1.9.1 - security update
2015-07-01 00:00:00
ruby1.8 - security update
2014-11-21 00:00:00
freebsd
freebsd
Multiple implementations -- DoS via hash algorithm collision
2011-12-28 00:00:00
cert
cert
Hash table implementations vulnerable to algorithmic complexity attacks
2011-12-28 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2012-02-28 00:00:00
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.02 Low

EPSS

Percentile

88.7%

JSON
Related for JVN:90615481
openvas31nessus23seebug2securityvulns3fedora3cve2centos2amazon1oraclelinux2prion2veracode1redhat2ubuntucve2rubygems2debian2osv2freebsd1cert1ubuntu1gentoo1