osv | Google | OSV:GHSA-V6J3-7JRW-HQ2P
May 17, 2022 - 4:59 a.m.

Rack Gem Subject to Denial of Service via Hash Collisions

2022-05-17 04:59:13
Google
osv.dev
rack gem
denial of service
hash collisions
remote attackers
cpu consumption
crafted parameters
software

EPSS: 0.008 (percentile: 81.8%)

Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.