CVE-2011-4815
CVE-2011-4815
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.htmlhttp://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.htmlhttp://jvn.jp/en/jp/JVN90615481/index.htmlhttp://lists.apple.com/archives/security-announce/2012/May/msg00001.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0069.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0070.htmlhttp://secunia.com/advisories/47405http://secunia.com/advisories/47822https://exchange.xforce.ibmcloud.com/vulnerabilities/72020http://support.apple.com/kb/HT5281http://www.kb.cert.org/vuls/id/903934