History: Dec 30, 2011 - 1:55 a.m.

CVE-2011-4815

2011-12-30 01:55:01
CWE-20
mitre
web.nvd.nist.gov
93
cve-2011-4815
ruby
cruby
hash collision
denial of service
cpu consumption
nvd

CVSS2: 7.8

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score: 8.1
Confidence: High

EPSS: 0.02
Percentile: 88.9%

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Affected configurations

Nvd

Node
ruby-lang ruby Range 1.8.7-p352
OR
ruby-lang ruby Match 1.8.7-p299
OR
ruby-lang ruby Match 1.8.7-p302
OR
ruby-lang ruby Match 1.8.7-p330
OR
ruby-lang ruby Match 1.8.7-p334

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ruby-lang | ruby | * | cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* |
| ruby-lang | ruby | 1.8.7-p299 | cpe:2.3:a:ruby-lang:ruby:1.8.7-p299:*:*:*:*:*:*:* |
| ruby-lang | ruby | 1.8.7-p302 | cpe:2.3:a:ruby-lang:ruby:1.8.7-p302:*:*:*:*:*:*:* |
| ruby-lang | ruby | 1.8.7-p330 | cpe:2.3:a:ruby-lang:ruby:1.8.7-p330:*:*:*:*:*:*:* |
| ruby-lang | ruby | 1.8.7-p334 | cpe:2.3:a:ruby-lang:ruby:1.8.7-p334:*:*:*:*:*:*:* |
