CVE-2012-5371
ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
Descriptions
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2012-10-10 CVE Reserved
- 2012-11-28 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (13)

URL | Tag | Source
---|---|---
http://2012.appsec-forum.ch/conferences/#c17 | X_refsource_misc |
http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf | X_refsource_misc |
http://secunia.com/advisories/51253 | Third Party Advisory |
http://www.ocert.org/advisories/ocert-2012-001.html | X_refsource_misc |
http://www.osvdb.org/87280 | Vdb Entry |
http://www.securityfocus.com/bid/56484 | Vdb Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/79993 | Vdb Entry |
https://www.131002.net/data/talks/appsec12_slides.pdf | X_refsource_misc |

URL | Date | SRC
---|---|---
http://securitytracker.com/id?1027747 | 2017-08-29 |
http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371 | 2017-08-29 |
https://bugzilla.redhat.com/show_bug.cgi?id=875236 | 2013-02-28 |

URL | Date | SRC
---|---|---
http://www.ubuntu.com/usn/USN-1733-1 | 2017-08-29 |
https://access.redhat.com/security/cve/CVE-2012-5371 | 2013-02-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Ruby-lang | Ruby | <= 1.9.3 | p286 | Affected
Ruby-lang | Ruby | 1.9 | - | Affected
Ruby-lang | Ruby | 1.9.1 | - | Affected
Ruby-lang | Ruby | 1.9.2 | - | Affected
Ruby-lang | Ruby | 1.9.3 | - | Affected
Ruby-lang | Ruby | 1.9.3 | p0 | Affected
Ruby-lang | Ruby | 1.9.3 | p125 | Affected
Ruby-lang | Ruby | 1.9.3 | p194 | Affected
Ruby-lang | Ruby | 2.0 | - | Affected