Lucene search

K
jvnJapan Vulnerability NotesJVN:90615481
HistoryJul 06, 2012 - 12:00 a.m.

JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service

2012-07-0600:00:00
Japan Vulnerability Notes
jvn.jp
16

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.02 Low

EPSS

Percentile

88.9%

The hash table implementation in Ruby contains an issue, where it may intentionally create a series of strings whose hash values collide. As a result, a denial-of-service (DoS) attack may be conducted.

Impact

When processing a series of specially crafted strings, a denial-of-service (DoS) may occur.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

  • Ruby versions prior to 1.8.7-p357
  • Ruby 1.9.x versions prior to 1.9.1

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.02 Low

EPSS

Percentile

88.9%