1. CVE-Search
  2. CVE-2012-5371
ID CVE-2012-5371
Summary Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
References
Vulnerable Configurations
  • cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-08-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • graphviz-0:2.26.0-10.el6
  • graphviz-debuginfo-0:2.26.0-10.el6
  • graphviz-devel-0:2.26.0-10.el6
  • graphviz-doc-0:2.26.0-10.el6
  • graphviz-gd-0:2.26.0-10.el6
  • graphviz-ruby-0:2.26.0-10.el6
  • openshift-console-0:0.0.16-1.el6op
  • openshift-origin-broker-0:1.0.11-1.el6op
  • openshift-origin-broker-util-0:1.0.15-1.el6op
  • openshift-origin-cartridge-cron-1.4-0:1.0.3-1.el6op
  • openshift-origin-cartridge-diy-0.1-0:1.0.3-1.el6op
  • openshift-origin-cartridge-haproxy-1.4-0:1.0.4-1.el6op
  • openshift-origin-cartridge-jbosseap-6.0-0:1.0.4-1.el6op
  • openshift-origin-cartridge-jbossews-1.0-0:1.0.13-1.el6op
  • openshift-origin-cartridge-jenkins-1.4-0:1.0.2-1.el6op
  • openshift-origin-cartridge-jenkins-client-1.4-0:1.0.2-1.el6op
  • openshift-origin-cartridge-mysql-5.1-0:1.0.5-1.el6op
  • openshift-origin-cartridge-perl-5.10-0:1.0.3-1.el6op
  • openshift-origin-cartridge-php-5.3-0:1.0.5-1.el6op
  • openshift-origin-cartridge-postgresql-8.4-0:1.0.3-2.el6op
  • openshift-origin-cartridge-ruby-1.8-0:1.0.7-1.el6op
  • openshift-origin-cartridge-ruby-1.9-scl-0:1.0.8-1.el6op
  • openshift-origin-msg-node-mcollective-0:1.0.3-1.el6op
  • php-bcmath-0:5.3.3-22.el6
  • php-debuginfo-0:5.3.3-22.el6
  • php-devel-0:5.3.3-22.el6
  • php-imap-0:5.3.3-22.el6
  • php-mbstring-0:5.3.3-22.el6
  • php-process-0:5.3.3-22.el6
  • ruby193-ruby-0:1.9.3.327-25.el6
  • ruby193-ruby-debuginfo-0:1.9.3.327-25.el6
  • ruby193-ruby-devel-0:1.9.3.327-25.el6
  • ruby193-ruby-doc-0:1.9.3.327-25.el6
  • ruby193-ruby-irb-0:1.9.3.327-25.el6
  • ruby193-ruby-libs-0:1.9.3.327-25.el6
  • ruby193-ruby-tcltk-0:1.9.3.327-25.el6
  • ruby193-rubygem-actionpack-1:3.2.8-3.el6
  • ruby193-rubygem-actionpack-doc-1:3.2.8-3.el6
  • ruby193-rubygem-activemodel-0:3.2.8-2.el6
  • ruby193-rubygem-activemodel-doc-0:3.2.8-2.el6
  • ruby193-rubygem-activerecord-1:3.2.8-3.el6
  • ruby193-rubygem-activerecord-doc-1:3.2.8-3.el6
  • ruby193-rubygem-bigdecimal-0:1.1.0-25.el6
  • ruby193-rubygem-io-console-0:0.3-25.el6
  • ruby193-rubygem-json-0:1.5.4-25.el6
  • ruby193-rubygem-minitest-0:2.5.1-25.el6
  • ruby193-rubygem-railties-0:3.2.8-2.el6
  • ruby193-rubygem-railties-doc-0:3.2.8-2.el6
  • ruby193-rubygem-rake-0:0.9.2.2-25.el6
  • ruby193-rubygem-rdoc-0:3.9.4-25.el6
  • ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op
  • ruby193-rubygem-ruby_parser-doc-0:2.3.1-3.el6op
  • ruby193-rubygems-0:1.8.23-25.el6
  • ruby193-rubygems-devel-0:1.8.23-25.el6
  • rubygem-actionpack-1:3.0.13-4.el6op
  • rubygem-activemodel-0:3.0.13-3.el6op
  • rubygem-activemodel-doc-0:3.0.13-3.el6op
  • rubygem-activerecord-1:3.0.13-5.el6op
  • rubygem-bson-0:1.8.1-2.el6op
  • rubygem-mongo-0:1.8.1-2.el6op
  • rubygem-mongo-doc-0:1.8.1-2.el6op
  • rubygem-openshift-origin-auth-remote-user-0:1.0.5-1.el6op
  • rubygem-openshift-origin-console-0:1.0.10-1.el6op
  • rubygem-openshift-origin-console-doc-0:1.0.10-1.el6op
  • rubygem-openshift-origin-controller-0:1.0.12-1.el6op
  • rubygem-openshift-origin-node-0:1.0.11-1.el6op
  • rubygem-ruby_parser-0:2.0.4-6.el6op
  • rubygem-ruby_parser-doc-0:2.0.4-6.el6op
refmap via4
bid 56484
confirm
misc
osvdb 87280
sectrack 1027747
secunia 51253
ubuntu USN-1733-1
xf ruby-hash-function-dos(79993)
Last major update 29-08-2017 - 01:32
Published 28-11-2012 - 13:03
Last modified 29-08-2017 - 01:32
Back to Top