ID | CVE-2012-5371 |
Summary |
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815. |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 5.0 (as of 29-08-2017 - 01:32) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-310 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE | NONE | PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
redhat
via4
|
rpms |
- graphviz-0:2.26.0-10.el6
- graphviz-debuginfo-0:2.26.0-10.el6
- graphviz-devel-0:2.26.0-10.el6
- graphviz-doc-0:2.26.0-10.el6
- graphviz-gd-0:2.26.0-10.el6
- graphviz-ruby-0:2.26.0-10.el6
- openshift-console-0:0.0.16-1.el6op
- openshift-origin-broker-0:1.0.11-1.el6op
- openshift-origin-broker-util-0:1.0.15-1.el6op
- openshift-origin-cartridge-cron-1.4-0:1.0.3-1.el6op
- openshift-origin-cartridge-diy-0.1-0:1.0.3-1.el6op
- openshift-origin-cartridge-haproxy-1.4-0:1.0.4-1.el6op
- openshift-origin-cartridge-jbosseap-6.0-0:1.0.4-1.el6op
- openshift-origin-cartridge-jbossews-1.0-0:1.0.13-1.el6op
- openshift-origin-cartridge-jenkins-1.4-0:1.0.2-1.el6op
- openshift-origin-cartridge-jenkins-client-1.4-0:1.0.2-1.el6op
- openshift-origin-cartridge-mysql-5.1-0:1.0.5-1.el6op
- openshift-origin-cartridge-perl-5.10-0:1.0.3-1.el6op
- openshift-origin-cartridge-php-5.3-0:1.0.5-1.el6op
- openshift-origin-cartridge-postgresql-8.4-0:1.0.3-2.el6op
- openshift-origin-cartridge-ruby-1.8-0:1.0.7-1.el6op
- openshift-origin-cartridge-ruby-1.9-scl-0:1.0.8-1.el6op
- openshift-origin-msg-node-mcollective-0:1.0.3-1.el6op
- php-bcmath-0:5.3.3-22.el6
- php-debuginfo-0:5.3.3-22.el6
- php-devel-0:5.3.3-22.el6
- php-imap-0:5.3.3-22.el6
- php-mbstring-0:5.3.3-22.el6
- php-process-0:5.3.3-22.el6
- ruby193-ruby-0:1.9.3.327-25.el6
- ruby193-ruby-debuginfo-0:1.9.3.327-25.el6
- ruby193-ruby-devel-0:1.9.3.327-25.el6
- ruby193-ruby-doc-0:1.9.3.327-25.el6
- ruby193-ruby-irb-0:1.9.3.327-25.el6
- ruby193-ruby-libs-0:1.9.3.327-25.el6
- ruby193-ruby-tcltk-0:1.9.3.327-25.el6
- ruby193-rubygem-actionpack-1:3.2.8-3.el6
- ruby193-rubygem-actionpack-doc-1:3.2.8-3.el6
- ruby193-rubygem-activemodel-0:3.2.8-2.el6
- ruby193-rubygem-activemodel-doc-0:3.2.8-2.el6
- ruby193-rubygem-activerecord-1:3.2.8-3.el6
- ruby193-rubygem-activerecord-doc-1:3.2.8-3.el6
- ruby193-rubygem-bigdecimal-0:1.1.0-25.el6
- ruby193-rubygem-io-console-0:0.3-25.el6
- ruby193-rubygem-json-0:1.5.4-25.el6
- ruby193-rubygem-minitest-0:2.5.1-25.el6
- ruby193-rubygem-railties-0:3.2.8-2.el6
- ruby193-rubygem-railties-doc-0:3.2.8-2.el6
- ruby193-rubygem-rake-0:0.9.2.2-25.el6
- ruby193-rubygem-rdoc-0:3.9.4-25.el6
- ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op
- ruby193-rubygem-ruby_parser-doc-0:2.3.1-3.el6op
- ruby193-rubygems-0:1.8.23-25.el6
- ruby193-rubygems-devel-0:1.8.23-25.el6
- rubygem-actionpack-1:3.0.13-4.el6op
- rubygem-activemodel-0:3.0.13-3.el6op
- rubygem-activemodel-doc-0:3.0.13-3.el6op
- rubygem-activerecord-1:3.0.13-5.el6op
- rubygem-bson-0:1.8.1-2.el6op
- rubygem-mongo-0:1.8.1-2.el6op
- rubygem-mongo-doc-0:1.8.1-2.el6op
- rubygem-openshift-origin-auth-remote-user-0:1.0.5-1.el6op
- rubygem-openshift-origin-console-0:1.0.10-1.el6op
- rubygem-openshift-origin-console-doc-0:1.0.10-1.el6op
- rubygem-openshift-origin-controller-0:1.0.12-1.el6op
- rubygem-openshift-origin-node-0:1.0.11-1.el6op
- rubygem-ruby_parser-0:2.0.4-6.el6op
- rubygem-ruby_parser-doc-0:2.0.4-6.el6op
|
|
refmap
via4
|
bid | 56484 |
confirm | |
misc | |
osvdb | 87280 |
sectrack | 1027747 |
secunia | 51253 |
ubuntu | USN-1733-1 |
xf | ruby-hash-function-dos(79993) |
|
Last major update |
29-08-2017 - 01:32 |
Published |
28-11-2012 - 13:03 |
Last modified |
29-08-2017 - 01:32 |