PT-2012-5955 · Ruby+1

Vincent Danen · Published 2012-11-28 · Updated 2017-08-29

CVE-2012-5371

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Ruby versions 1.9 before 1.9.3-p327
Ruby versions 2.0 before r37575

Description

The issue allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. This is demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm.

Recommendations

For Ruby versions 1.9 before 1.9.3-p327, update to version 1.9.3-p327 or later.
For Ruby versions 2.0 before r37575, update to version r37575 or later.

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1334
CVE-2012-5371
DLA-263-1
RHSA-2013:0582
RHSA-2026:7305
RHSA-2026:7307
RHSA-2026:8838

Affected Products

Alt Linux
Ruby