CVE-2012-5371
Last modified
CVE-2012-5371 is a vulnerability of currently unknown severity. Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.. EPSS estimates a 3.36% chance of exploitation in the next 30 days.
Description
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ruby-Lang | Ruby | <= 1.9.3 | P286 |
| Ruby-Lang | Ruby | 1.9 | — |
| Ruby-Lang | Ruby | 1.9.1 | — |
| Ruby-Lang | Ruby | 1.9.2 | — |
| Ruby-Lang | Ruby | 1.9.3 | — |
| Ruby-Lang | Ruby | 2.0 | — |
References
- http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/Patch, Vendor Advisory
- http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-5371?
How severe is CVE-2012-5371?
How do I fix CVE-2012-5371?
Are you affected by CVE-2012-5371?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST