CVE-2011-4815

2011-12-3001:55:01

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

8.2

Confidence

High

EPSS

0.02

Percentile

88.9%

JSON

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Affected configurations

Nvd

Node

ruby-langrubyRange≤1.8.7-p352

ruby-langrubyMatch1.8.7-p299

ruby-langrubyMatch1.8.7-p302

ruby-langrubyMatch1.8.7-p330

ruby-langrubyMatch1.8.7-p334

VendorProductVersionCPE
ruby-langruby*cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
ruby-langruby1.8.7-p299cpe:2.3:a:ruby-lang:ruby:1.8.7-p299:*:*:*:*:*:*:*
ruby-langruby1.8.7-p302cpe:2.3:a:ruby-lang:ruby:1.8.7-p302:*:*:*:*:*:*:*
ruby-langruby1.8.7-p330cpe:2.3:a:ruby-lang:ruby:1.8.7-p330:*:*:*:*:*:*:*
ruby-langruby1.8.7-p334cpe:2.3:a:ruby-lang:ruby:1.8.7-p334:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ruby-lang	ruby	*	cpe:2.3:a:ruby-lang:ruby::::::::
ruby-lang	ruby	1.8.7-p299	cpe:2.3:a:ruby-lang:ruby:1.8.7-p299:::::::*
ruby-lang	ruby	1.8.7-p302	cpe:2.3:a:ruby-lang:ruby:1.8.7-p302:::::::*
ruby-lang	ruby	1.8.7-p330	cpe:2.3:a:ruby-lang:ruby:1.8.7-p330:::::::*
ruby-lang	ruby	1.8.7-p334	cpe:2.3:a:ruby-lang:ruby:1.8.7-p334:::::::*