CVE-2011-4838: Uncontrolled Resource Consumption in JRuby

Severity: 5.0 MEDIUM (NVD)
EPSS: 7.3% (top 8.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline
Published: Dec 30
Latest update: May 17

Description

JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

Source   Package        Affected versions
NVD      jruby/jruby    < 1.6.5.1
debian   debian/jruby   < jruby 1.5.6-4 (bookworm) +1
Debian   jruby/jruby    < 1.5.6-4 +5

🔴 Vulnerability Details (5)

GHSA: JRuby denial of service via Hash Collision (2022-05-17)
OSV: JRuby denial of service via Hash Collision (2022-05-17)
GHSA: GHSA-cgqc-fqxr-q6r6: JRuby before 1... (2022-05-13)
OSV: CVE-2012-5370: JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers t... (2012-11-28)
OSV: CVE-2011-4838: JRuby before 1... (2011-12-30)

📋 Vendor Advisories (4)

Red Hat: jruby: Murmur hash function collisions (oCERT-2012-001) (2012-11-23)
Debian: CVE-2012-5370: jruby - JRuby computes hash values without properly restricting the ability to trigger h... (2012)
Red Hat: jruby: hash table collisions DoS (oCERT-2011-003) (2011-12-28)
Debian: CVE-2011-4838: jruby - JRuby before 1.6.5.1 computes hash values without restricting the ability to tri... (2011)

💬 Community (4)

Bugzilla: CVE-2012-5370 jruby: Murmur hash function collisions (oCERT-2012-001) (2012-11-27)
Bugzilla: CVE-2011-4838 jruby: hash table collisions CPU usage DoS (oCERT-2011-003) [fedora-16] (2011-12-29)
Bugzilla: CVE-2011-4838 jruby: hash table collisions DoS (oCERT-2011-003) (2011-12-29)
Bugzilla: CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003) (2011-11-01)