CVE-2012-5371
Published 2012-11-28
Priority: P4 · 23 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
EPSS: 3.36% (87.2th percentile)
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruby-lang | ruby | <= 1.9.3 | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
CVSS provenance
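| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |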
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2013-02-21·CVSS 5.0
CVE-2012-5371 [MEDIUM] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
Jean-Philippe Aumasson discovered that Ruby incorrectly generated
predictable hash values. An attacker could use this issue to generate hash
collisions and cause a denial of service. (CVE-2012-5371)
Evgeny Ermakov discovered that documentation generated by rdoc is
vulnerable to a cross-site scripting issue. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2013-0256)
Thomas Hollstegge and Ben Murphy discovered that the JSON implementation
in Ruby incorrectly handled certain crafted documents. An attacker could
use this issue to cause a
Red Hat
ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
vendor_redhat·2012-11-09·CVSS 7.8
CVE-2012-5371 [HIGH] ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
Statement: Not vulnerable. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.
GHSA
GHSA-phrv-cj28-9h57: Ruby (aka CRuby) 1
ghsa_unreviewed·2022-05-17·CVSS 7.8
CVE-2012-5371 [HIGH] GHSA-phrv-cj28-9h57: Ruby (aka CRuby) 1
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-5373 java: Murmur hash function collisions (oCERT-2012-001)
bugzilla·2012-11-27·CVSS 5.0
CVE-2012-5373 [MEDIUM] CVE-2012-5373 java: Murmur hash function collisions (oCERT-2012-001)
A denial of service flaw was found in the Murmur hash function implementation, as being used by various Java implementations. A specially-crafted set of keys could trigger Murmur hash function collisions, which degrade hash table items insert performance by changing hash table operations complexity from an expected/average O(n) to the worst case O(n^2). Reporters were able to find colliding strings efficiently using equivalent substrings.
As various web application frameworks for Java automatically pre-fill certain arrays with data from the HTTP request (such as GET or POST parameters) for Java web applications, a remote attacker could use this flaw to make the Java virtual machine use an excessive amount of CPU time
Bugzilla
CVE-2012-5370 jruby: Murmur hash function collisions (oCERT-2012-001)
bugzilla·2012-11-27·CVSS 5.0
CVE-2012-5370 [MEDIUM] CVE-2012-5370 jruby: Murmur hash function collisions (oCERT-2012-001)
A denial of service flaw was found in JRuby's Murmur hash function implementation. A specially-crafted set of keys could trigger Murmur hash function collisions, which degrade hash table items insert performance by changing hash table operations complexity from an expected/average O(n) to the worst case O(n^2). Reporters were able to find colliding strings efficiently using equivalent substrings.
As various web application frameworks for Ruby automatically pre-fill certain arrays with data from the HTTP request (such as GET or POST parameters) for Ruby web applications, a remote attacker could use this flaw to make the Ruby interpreter use an excessive amount of CPU time by sending a POST request with a large numbe
Bugzilla
CVE-2012-5371 ruby: hash-flooding DoS flaw in ruby 1.9 [fedora-18]
bugzilla·2012-11-10·CVSS 5.0
CVE-2012-5371 [MEDIUM] CVE-2012-5371 ruby: hash-flooding DoS flaw in ruby 1.9 [fedora-18]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-18 tracking bug for ruby: see b
Bugzilla
CVE-2012-5371 ruby: hash-flooding DoS flaw in ruby 1.9 [fedora-17]
bugzilla·2012-11-10·CVSS 5.0
CVE-2012-5371 [MEDIUM] CVE-2012-5371 ruby: hash-flooding DoS flaw in ruby 1.9 [fedora-17]
fedora-17 tracking bug for ruby: see b
Bugzilla
CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
bugzilla·2012-11-09·CVSS 5.0
CVE-2012-5371 [MEDIUM] CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
Ruby 1.9.3-p327 was released to correct a hash-flooding DoS vulnerability that only affects 1.9.x and the 2.0.0 preview [1].
As noted in the upstream report:
Carefully crafted sequence of strings can cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. For instance, this vulnerability affects web application that parses the JSON data sent from untrusted entity.
This vulnerability is similar to CVE-2011-4815 for ruby 1.8.7. ruby 1.9 versions were using modified MurmurHash function but it's reported that there is a way to create sequence of strings that collide their hash values each other. This fix changes the Hash function of String ob
References
http://2012.appsec-forum.ch/conferences/#c17
http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf
http://secunia.com/advisories/51253
http://securitytracker.com/id?1027747
http://www.ocert.org/advisories/ocert-2012-001.html
http://www.osvdb.org/87280
http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/
http://www.securityfocus.com/bid/56484
http://www.ubuntu.com/usn/USN-1733-1
https://bugzilla.redhat.com/show_bug.cgi?id=875236
https://exchange.xforce.ibmcloud.com/vulnerabilities/79993
https://www.131002.net/data/talks/appsec12_slides.pdf