CVE-2012-5371
Jean-Philippe Aumasson identified that Ruby computed hash values
without properly restricting the ability to trigger hash collisions
predictably, allowing context-dependent attackers to cause a denial
of service (CPU consumption). This is a different vulnerability than
CVE-2011-4815.
CVE-2013-0269
Thomas Hollstegge and Ben Murphy found that the JSON gem for Ruby
allowed remote attackers to cause a denial of service (resource
consumption) or bypass the mass assignment protection mechanism via
a crafted JSON document that triggers the creation of arbitrary Ruby
symbols or certain internal objects.

For the squeeze distribution, theses vulnerabilities have been fixed in
version 1.9.2.0-2+deb6u5 of ruby1.9.1. We recommend that you upgrade
your ruby1.9.1 package.

CPENameOperatorVersion
ruby1.9.1eq1.9.2.0-2+armhf
ruby1.9.1eq1.9.2.0-2

CPE	Name	Operator	Version
	ruby1.9.1	eq	1.9.2.0-2+armhf
	ruby1.9.1	eq	1.9.2.0-2

References

www.debian.org/lts/security/2015/dla-263

openvas 56

nessus 54

debian 4

cve 5

ubuntucve 4

prion 4

rubygems 5

ubuntu 2

securityvulns 5

fedora 10

slackware 2

freebsd 4

veracode 5

seebug 2

oraclelinux 2

jvn 1

amazon 7

centos 2

redhat 6

debiancve 2

hackerone 1

suse 5

osv 4

github 2

gentoo 1

alpinelinux 1

redhatcve 1

threatpost 1

cert 1

openvas

Debian: Security Advisory (DLA-263-1)

2023-03-08 00:00:00

Ubuntu Update for ruby1.9.1 USN-1733-1

2013-02-22 00:00:00

Ubuntu: Security Advisory (USN-1733-1)

2013-02-22 00:00:00

nessus

Debian DLA-263-1 : ruby1.9.1 security update

2015-07-02 00:00:00

Ubuntu 12.04 LTS / 12.10 : ruby1.9.1 vulnerabilities (USN-1733-1)

2013-02-22 00:00:00

FreeBSD : ruby -- Hash-flooding DoS vulnerability for ruby 1.9 (5e647ca3-2aea-11e2-b745-001fd0af1a4c)

2012-11-12 00:00:00

debian

[SECURITY] [DLA 263-1] ruby1.9.1 security update

2015-07-01 10:09:26

[SECURITY] [DLA 215-1] libjson-ruby security update

2015-04-30 16:34:41

[SECURITY] [DLA 2192-1] ruby2.1 security update

2020-04-30 22:01:47

cve

CVE-2012-5371

2012-11-28 13:03:00

CVE-2011-4815

2011-12-30 01:55:00

CVE-2013-0269

2013-02-13 01:55:00

ubuntucve

CVE-2012-5371

2012-11-28 00:00:00

CVE-2011-4815

2011-12-29 00:00:00

CVE-2013-0269

2013-02-12 00:00:00

prion

Design/Logic Flaw

2012-11-28 13:03:00

Code injection

2011-12-30 01:55:00

Sql injection

2013-02-13 01:55:00

rubygems

CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)

2012-11-22 20:00:00

CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)

2011-12-27 20:00:00

CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection

2013-02-11 20:00:00

ubuntu

Ruby vulnerabilities

2013-02-21 00:00:00

Ruby vulnerabilities

2012-02-28 00:00:00

securityvulns

Ruby multiple security vulnerabilities

2013-02-24 00:00:00

[USN-1733-1] Ruby vulnerabilities

2013-02-24 00:00:00

n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

2012-01-02 00:00:00

fedora

[SECURITY] Fedora 18 Update: ruby-1.9.3.327-22.fc18

2012-11-23 07:52:57

[SECURITY] Fedora 16 Update: ruby-1.8.7.357-1.fc16

2012-01-11 06:06:56

[SECURITY] Fedora 18 Update: rubygem-json-1.6.8-1.fc18

2013-03-05 23:31:15

slackware

[slackware-security] ruby

2012-12-07 03:51:38

ruby

2013-03-16 01:11:53

freebsd

ruby -- Hash-flooding DoS vulnerability for ruby 1.9

2012-11-10 00:00:00

Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON

2013-02-11 00:00:00

rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)

2020-03-19 00:00:00

veracode

Denial Of Service (DoS)

2019-05-02 04:53:45

Denial Of Service (DoS)

2020-04-10 01:07:08

Denial Of Service (DoS)

2020-03-23 03:14:43

seebug

Ruby哈希冲突拒绝服务漏洞

2011-12-30 00:00:00

Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks

2011-12-29 00:00:00

oraclelinux

ruby security update

2012-01-30 00:00:00

ruby security update

2012-01-30 00:00:00

jvn

JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service

2012-07-06 00:00:00

amazon

Important: ruby

2012-01-19 20:02:00

Medium: rubygem-json

2020-08-26 23:09:00

Medium: ruby19, ruby21

2020-08-26 23:10:00

centos

ruby security update

2012-01-30 20:27:31

irb, ruby security update

2012-01-30 18:44:29

redhat

(RHSA-2012:0069) Moderate: ruby security update

2012-01-30 00:00:00

(RHSA-2012:0070) Moderate: ruby security update

2012-01-30 00:00:00

(RHSA-2013:0701) Moderate: ruby193-ruby, rubygem-json and rubygem-rdoc security update

2013-04-02 00:00:00

debiancve

CVE-2013-0269

2013-02-13 01:55:00

CVE-2020-10663

2020-04-28 21:15:00

hackerone

Ruby: Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON)

2019-10-03 05:19:48

suse

Security update for rubygem-json_pure (important)

2013-04-03 20:08:23

Security update for rubygem-json_pure (important)

2013-04-09 19:04:58

Security update for rubygem-crack (important)

2013-04-03 20:13:42

osv

JSON gem has Improper Input Validation vulnerability

2017-10-24 18:33:37

CVE-2020-10663

2020-04-28 21:15:11

Unsafe object creation in json RubyGem

2020-07-27 18:08:21

github

JSON gem has Improper Input Validation vulnerability

2017-10-24 18:33:37

Unsafe object creation in json RubyGem

2020-07-27 18:08:21

gentoo

Ruby: Denial of service

2014-12-13 00:00:00

alpinelinux

CVE-2020-10663

2020-04-28 21:15:00

redhatcve

CVE-2020-10663

2020-04-24 04:33:39

threatpost

Ruby on Rails Patches DoS, Remote Execution Flaws

2013-02-13 17:51:57

cert

Hash table implementations vulnerable to algorithmic complexity attacks

2011-12-28 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Related for OSV:DLA-263-1