CVE-2011-4815
published 2011-12-30
CVE-2011-4815: Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent…
Priority P4 · 33 · high · 7.8 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS 4.25% · 89.8th percentile
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruby-lang | ruby | <= 1.8.7-p352 | — |
| ruby-lang | ruby | <= 1.9.3 | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
CVSS provenance
nvd · v2.0 · 7.8 · HIGH · AV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat · 7.8 · HIGH
vendor_ubuntu · 4.3 · MEDIUM
GHSA
GHSA-xpr8-vpc7-7vfc: Ruby (aka CRuby) before 1
ghsa_unreviewed·2022-05-17
CVE-2011-4815 [HIGH] CWE-20 GHSA-xpr8-vpc7-7vfc: Ruby (aka CRuby) before 1
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
GHSA
GHSA-phrv-cj28-9h57: Ruby (aka CRuby) 1
ghsa_unreviewed·2022-05-17·CVSS 7.8
CVE-2012-5371 [HIGH] GHSA-phrv-cj28-9h57: Ruby (aka CRuby) 1
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
Red Hat
ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
vendor_redhat·2012-11-09·CVSS 7.8
CVE-2012-5371 [HIGH] ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
Statement: Not vulnerable. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2012-02-28·CVSS 4.3
CVE-2010-0541 [MEDIUM] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in ruby1.8.
Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site
scripting attacks when displaying error pages. A remote attacker could use this
flaw to run arbitrary web script. (CVE-2010-0541)
Drew Yao discovered that Ruby's BigDecimal module did not properly allocate
memory on 64-bit platforms. An attacker could use this flaw to cause a denial
of service or possibly execute arbitrary code with user privileges.
(CVE-2011-0188)
Nicholas Jefferson discovered that the FileUtils.remove_entry_secure method in
Ruby did not properly remove non-empty directories. An attacker could use this
flaw to possibly delete arbitrary files. (CVE-2011-1004)
It was discovered that Ruby incorrectly allowed un
Red Hat
ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
vendor_redhat·2011-12-28·CVSS 7.8
CVE-2011-4815 [HIGH] ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
bugzilla·2012-11-09·CVSS 5.0
CVE-2012-5371 [MEDIUM] CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
Ruby 1.9.3-p327 was released to correct a hash-flooding DoS vulnerability that only affects 1.9.x and the 2.0.0 preview [1].
As noted in the upstream report:
Carefully crafted sequence of strings can cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. For instance, this vulnerability affects web application that parses the JSON data sent from untrusted entity.
This vulnerability is similar to CVE-2011-4815 for ruby 1.8.7. ruby 1.9 versions were using modified MurmurHash function but it's reported that there is a way to create sequence of strings that collide their hash values each other. This fix changes the Hash function of String ob
Bugzilla
CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003) [fedora-all]
bugzilla·2011-12-29·CVSS 7.8
CVE-2011-4815 [HIGH] CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003) [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type
Bugzilla
CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
bugzilla·2011-11-01·CVSS 7.8
CVE-2011-4815 [HIGH] CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
Julian Wälde and Alexander Klink reported a flaw in the hash function used in the implementation of the Ruby arrays implemented using the hash table.
A specially-crafted set of keys could trigger hash function collisions, which degrade hash table performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using equivalent substrings or meet in the middle techniques.
As various web application frameworks for Ruby automatically pre-fill certain arrays with data from the HTTP request (such as GET or POST parameters) for Ruby web application, a remote attacker could use this flaw to make Ruby interpreter use exc
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606
http://jvn.jp/en/jp/JVN90615481/index.html
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://rhn.redhat.com/errata/RHSA-2012-0069.html
http://rhn.redhat.com/errata/RHSA-2012-0070.html
http://secunia.com/advisories/47405
http://secunia.com/advisories/47822
http://support.apple.com/kb/HT5281
http://www.kb.cert.org/vuls/id/903934
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/
http://www.securitytracker.com/id?1026474
https://exchange.xforce.ibmcloud.com/vulnerabilities/72020
Published 2011-12-30