Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2012-5371
HistoryNov 28, 2012 - 1:03 p.m.

CVE-2012-5371

2012-11-2813:03:10
CWE-310
[email protected]
web.nvd.nist.gov
6

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.3

Confidence

High

EPSS

0.02

Percentile

88.9%

JSON

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.

Affected configurations

NVD
Node
ruby-langrubyRange1.9.3p286
OR
ruby-langrubyMatch1.9
OR
ruby-langrubyMatch1.9.1
OR
ruby-langrubyMatch1.9.2
OR
ruby-langrubyMatch1.9.3
OR
ruby-langrubyMatch1.9.3p0
OR
ruby-langrubyMatch1.9.3p125
OR
ruby-langrubyMatch1.9.3p194
OR
ruby-langrubyMatch2.0

Related

cve 3
ubuntucve 2
prion 2
cvelist 2
rubygems 2
openvas 45
debian 2
osv 2
nessus 31
fedora 8
slackware 1
nvd 2
freebsd 2
veracode 2
centos 2
amazon 1
oraclelinux 2
jvn 1
seebug 2
redhat 3
securityvulns 6
ubuntu 2
gentoo 1
cert 1
cve
cve
CVE-2012-5371
2012-11-28 13:03:10
CVE-2011-4815
2011-12-30 01:55:01
CVE-2011-5371
2022-10-03 16:15:12
ubuntucve
ubuntucve
CVE-2012-5371
2012-11-28 00:00:00
CVE-2011-4815
2011-12-29 00:00:00
prion
prion
Design/Logic Flaw
2012-11-28 13:03:00
Code injection
2011-12-30 01:55:00
cvelist
cvelist
CVE-2012-5371
2012-11-28 11:00:00
CVE-2011-4815
2011-12-30 01:00:00
rubygems
rubygems
CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
2012-11-22 20:00:00
CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
2011-12-27 20:00:00
openvas
openvas
Debian: Security Advisory (DLA-263-1)
2023-03-08 00:00:00
FreeBSD Ports: ruby
2012-11-26 00:00:00
Slackware: Security Advisory (SSA:2012-341-04)
2022-04-21 00:00:00
debian
debian
[SECURITY] [DLA 263-1] ruby1.9.1 security update
2015-07-01 10:09:26
[SECURITY] [DLA 88-1] ruby1.8 security update
2014-11-21 15:18:14
osv
osv
ruby1.9.1 - security update
2015-07-01 00:00:00
ruby1.8 - security update
2014-11-21 00:00:00
nessus
nessus
Debian DLA-263-1 : ruby1.9.1 security update
2015-07-02 00:00:00
FreeBSD : ruby -- Hash-flooding DoS vulnerability for ruby 1.9 (5e647ca3-2aea-11e2-b745-001fd0af1a4c)
2012-11-12 00:00:00
Fedora 18 : ruby-1.9.3.327-22.fc18 (2012-17949)
2012-11-26 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: ruby-1.9.3.327-22.fc18
2012-11-23 07:52:57
[SECURITY] Fedora 16 Update: ruby-1.8.7.357-1.fc16
2012-01-11 06:06:56
[SECURITY] Fedora 15 Update: ruby-1.8.7.357-1.fc15
2012-01-11 06:14:53
slackware
slackware
[slackware-security] ruby
2012-12-07 03:51:38
nvd
nvd
CVE-2011-4815
2011-12-30 01:55:01
CVE-2011-5371
2012-11-28 00:55:01
freebsd
freebsd
ruby -- Hash-flooding DoS vulnerability for ruby 1.9
2012-11-10 00:00:00
Multiple implementations -- DoS via hash algorithm collision
2011-12-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:53:45
Denial Of Service (DoS)
2020-04-10 01:07:08
centos
centos
ruby security update
2012-01-30 20:27:31
irb, ruby security update
2012-01-30 18:44:29
amazon
amazon
Important: ruby
2012-01-19 20:02:00
oraclelinux
oraclelinux
ruby security update
2012-01-30 00:00:00
ruby security update
2012-01-30 00:00:00
jvn
jvn
JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service
2012-07-06 00:00:00
seebug
seebug
Ruby哈希冲突拒绝服务漏洞
2011-12-30 00:00:00
Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks
2011-12-29 00:00:00
redhat
redhat
(RHSA-2012:0069) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2012:0070) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
securityvulns
securityvulns
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
2012-01-02 00:00:00
Ruby multiple security vulnerabilities
2013-02-24 00:00:00
[USN-1733-1] Ruby vulnerabilities
2013-02-24 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2013-02-21 00:00:00
Ruby vulnerabilities
2012-02-28 00:00:00
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
cert
cert
Hash table implementations vulnerable to algorithmic complexity attacks
2011-12-28 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.3

Confidence

High

EPSS

0.02

Percentile

88.9%

JSON
Related for NVD:CVE-2012-5371
cve3ubuntucve2prion2cvelist2rubygems2openvas45debian2osv2nessus31fedora8slackware1nvd2freebsd2veracode2centos2amazon1oraclelinux2jvn1seebug2redhat3securityvulns6ubuntu2gentoo1cert1