CVE-2011-5036
Published 2011-12-30
Priority P4 23 · Severity: medium · CVSS 2.0 base score: 5.0
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 4.02% (89.3rd percentile)
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby-rack | < ruby-rack 1.4.0-1 (bookworm) | ruby-rack 1.4.0-1 (bookworm) |
| rack | rack | >= 0 < 1.1.3 | 1.1.3 |
| rack | rack | >= 1.2.0 < 1.2.5 | 1.2.5 |
| rack | rack | >= 1.3.0 < 1.3.6 | 1.3.6 |
| rack_project | rack | <= 1.1.0 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
OSV
Rack Gem Subject to Denial of Service via Hash Collisions
osv · 2022-05-17 · MEDIUM
GHSA
Rack Gem Subject to Denial of Service via Hash Collisions
ghsa · 2022-05-17 · MEDIUM · CWE-328 (Use of Weak Hash)
OSV
CVE-2011-5036: Rack before 1
osv · 2011-12-30 · CVSS 5.0 · MEDIUM
Red Hat
rubygem-rack: hash table collisions DoS (oCERT-2011-003)
vendor_redhat · 2011-12-28 · CVSS 5.0 · MEDIUM · CWE-407 (Inefficient Algorithmic Complexity)
Package: rubygem-rack (Red Hat Subscription Asset Manager): Will not fix
Debian
CVE-2011-5036: ruby-rack - Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash valu...
vendor_debian · 2011 · CVSS 5.0 · MEDIUM
Scope: local
bookworm: resolved (fixed in 1.4.0-1)
bullseye: resolved (fixed in 1.4.0-1)
forky: resolved (fixed in 1.4.0-1)
sid: resolved (fixed in 1.4.0-1)
trixie: resolved (fixed in 1.4.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003)
bugzilla · 2012-01-02 · CVSS 5.0 · MEDIUM
Julian Wälde and Alexander Klink reported a flaw in the hash function used in the implementation of the Ruby-rack arrays. Ruby-rack arrays are implemented using the hash table that maps keys to values:
http://rack.rubyforge.org/doc/classes/Rack/Request.html
A specially-crafted set of keys could trigger hash function collisions, which degrade hash table performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using equivalent substrings or meet in the middle techniques.
This problem is similar to the issue that was previously reported for and fixed in e.g. perl:
http://www.cs.rice.edu/~scrosby/hash/CrosbyWa
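The mechanics described in the NVD text and in the Red Hat report above, as an added worked example in Ruby (my code, not Rack's and not from the report): a predictable multiply-and-add string hash, colliding parameter keys built from equivalent substrings, a chained hash table that counts key comparisons so the O(1) to O(n) per-insert degradation is measurable, and the two classes of fix. The runtime fix is a per-process seeded string hash, which is what Ruby's own String#hash does (Ruby 1.9 and later seed it; Ruby 1.8 hashed strings deterministically). The application fix is a cap on the total bytes of distinct parameter keys, modeled on what the fixed Rack releases do (Rack::Utils.key_space_limit, default 65536); the BoundedParams class here is a simplified stand-in, not Rack's implementation. Assumptions: the toy hash uses multiplier 31 rather than the 997 of Ruby 1.8's st.c, only so that the equivalent-substring pair `Aa`/`BB` is visible at two characters; against 997 the reporters needed longer blocks or the meet-in-the-middle search the report mentions. All names (weak_hash, colliding_keys, CountingTable, BoundedParams, parse_query) are mine.

```ruby
# Added example: hash-collision DoS against a parameter hash, and its fixes.
# Toy hash modeled on the multiply-and-add shape of Ruby 1.8's st.c strhash
# (which used multiplier 997); 31 is used here so collisions are visible at
# two characters. Not Rack's code.

MASK32 = 0xffffffff

# Predictable string hash: no per-process seed, 32-bit wraparound.
def weak_hash(str)
  str.each_byte.reduce(0) { |h, c| (h * 31 + c) & MASK32 }
end

# "Equivalent substrings": two same-length blocks with equal weak_hash.
# Because hash(x + y) == hash(x) * 31**y.size + hash(y), concatenating
# equal-length, equal-hash blocks in any order yields the same hash, so
# n blocks give 2**n distinct colliding keys.
BLOCKS = %w[Aa BB].freeze # 65*31+97 == 66*31+66 == 2112

def colliding_keys(count)
  bits = Math.log2(count).ceil
  (0...count).map do |i|
    (0...bits).map { |b| BLOCKS[(i >> b) & 1] }.join
  end
end

# Minimal chained hash table that counts key comparisons. Each insert walks
# its bucket's chain, so cost is the chain length: O(1) on average, O(n)
# when every key lands in one bucket.
class CountingTable
  attr_reader :comparisons

  def initialize(hash_fn, buckets = 65_536)
    @hash_fn = hash_fn
    @buckets = Array.new(buckets) { [] }
    @comparisons = 0
  end

  def []=(key, value)
    chain = @buckets[@hash_fn.call(key) % @buckets.size]
    chain.each do |pair|
      @comparisons += 1 # one key comparison per chain entry probed
      if pair[0] == key
        pair[1] = value
        return value
      end
    end
    chain << [key, value]
    value
  end
end

def insertion_comparisons(keys, hash_fn)
  table = CountingTable.new(hash_fn)
  keys.each { |k| table[k] = true }
  table.comparisons
end

# Application-side mitigation, modeled on the key-space cap in the fixed
# Rack releases (simplified; 65_536 matches Rack's default): refuse the
# request once the bytes of distinct keys exceed the limit, so an attacker
# cannot send enough colliding keys for the quadratic cost to matter.
class BoundedParams
  def initialize(limit)
    @limit = limit
    @size = 0
    @params = {}
  end

  def []=(key, value)
    @size += key.bytesize unless @params.key?(key)
    raise RangeError, "exceeded available parameter key space" if @size > @limit
    @params[key] = value
  end

  def to_h
    @params.dup
  end
end

def parse_query(qs, limit: 65_536)
  params = BoundedParams.new(limit)
  qs.split("&").each do |pair|
    k, v = pair.split("=", 2)
    next if k.nil? || k.empty?
    params[k] = v
  end
  params.to_h
end

def parses_within_limit?(qs, limit)
  parse_query(qs, limit: limit)
  true
rescue RangeError
  false
end

if __FILE__ == $PROGRAM_NAME
  keys = colliding_keys(1024) # constructed attacker input, 20-byte keys
  puts "distinct weak hashes across #{keys.size} keys: #{keys.map { |k| weak_hash(k) }.uniq.size}"
  puts "comparisons, predictable hash: #{insertion_comparisons(keys, method(:weak_hash))}"
  puts "comparisons, seeded String#hash: #{insertion_comparisons(keys, :hash.to_proc)}"
  qs = keys.map { |k| "#{k}=1" }.join("&")
  puts "accepted under a 4096-byte key-space limit? #{parses_within_limit?(qs, 4096)}"
end
```

Running it shows 1024 keys sharing one weak_hash value, 523776 comparisons (n(n-1)/2) under the predictable hash against a handful under the seeded one, and the 4096-byte cap rejecting the query at the 205th key. The cap is a second line of defence: it bounds the damage per request rather than removing the collisions, which is why the runtime-level seeded hash is the primary fix.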
Bugzilla
CVE-2011-5036 CVE-2013-0184 rubygem-rack various flaws [epel-all]
bugzilla · 2012-01-02 · CVSS 5.0 · MEDIUM
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the bug IDs of this bug's parent bugs filed against the "Security Response" product (the top-level CVE bugs). Please mention the CVE IDs being fixed in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=7711
Bugzilla
CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003) [fedora-all]
bugzilla · 2012-01-02 · CVSS 5.0 · MEDIUM
Bugzilla
CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003) [epel-5]
bugzilla · 2012-01-02 · CVSS 5.0 · MEDIUM
References
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
http://www.debian.org/security/2013/dsa-2783
http://www.kb.cert.org/vuls/id/903934
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
https://gist.github.com/52bbc6b9cc19ce330829
Published 2011-12-30