Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2012-5371
HistoryNov 28, 2012 - 12:00 a.m.

CVE-2012-5371

2012-11-2800:00:00
ubuntu.com
ubuntu.com
22

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.02

Percentile

88.9%

JSON

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash
values without properly restricting the ability to trigger hash collisions
predictably, which allows context-dependent attackers to cause a denial of
service (CPU consumption) via crafted input to an application that
maintains a hash table, as demonstrated by a universal multicollision
attack against a variant of the MurmurHash2 algorithm, a different
vulnerability than CVE-2011-4815.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchruby1.9.1< 1.9.3.0-1ubuntu2.5UNKNOWN
ubuntu12.10noarchruby1.9.1< 1.9.3.194-1ubuntu1.3UNKNOWN
ubuntu13.04noarchruby1.9.1< 1.9.3.194-7ubuntu1UNKNOWN
ubuntu13.10noarchruby1.9.1< 1.9.3.194-7ubuntu1UNKNOWN

Related

cve 3
rubygems 2
prion 2
cvelist 2
nvd 3
debian 2
nessus 31
osv 2
openvas 45
slackware 1
fedora 8
freebsd 2
veracode 2
seebug 2
amazon 1
oraclelinux 2
jvn 1
centos 2
redhat 3
ubuntucve 1
securityvulns 6
ubuntu 2
gentoo 1
cert 1
cve
cve
CVE-2012-5371
2012-11-28 13:03:10
CVE-2011-4815
2011-12-30 01:55:01
CVE-2011-5371
2012-11-28 00:55:01
rubygems
rubygems
CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
2012-11-22 20:00:00
CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
2011-12-27 20:00:00
prion
prion
Design/Logic Flaw
2012-11-28 13:03:00
Code injection
2011-12-30 01:55:00
cvelist
cvelist
CVE-2012-5371
2012-11-28 11:00:00
CVE-2011-4815
2011-12-30 01:00:00
nvd
nvd
CVE-2012-5371
2012-11-28 13:03:10
CVE-2011-4815
2011-12-30 01:55:01
CVE-2011-5371
2012-11-28 00:55:01
debian
debian
[SECURITY] [DLA 263-1] ruby1.9.1 security update
2015-07-01 10:09:26
[SECURITY] [DLA 88-1] ruby1.8 security update
2014-11-21 15:18:14
nessus
nessus
Debian DLA-263-1 : ruby1.9.1 security update
2015-07-02 00:00:00
Fedora 18 : ruby-1.9.3.327-22.fc18 (2012-17949)
2012-11-26 00:00:00
FreeBSD : ruby -- Hash-flooding DoS vulnerability for ruby 1.9 (5e647ca3-2aea-11e2-b745-001fd0af1a4c)
2012-11-12 00:00:00
osv
osv
ruby1.9.1 - security update
2015-07-01 00:00:00
ruby1.8 - security update
2014-11-21 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-263-1)
2023-03-08 00:00:00
FreeBSD Ports: ruby
2012-11-26 00:00:00
FreeBSD Ports: ruby
2012-11-26 00:00:00
slackware
slackware
[slackware-security] ruby
2012-12-07 03:51:38
fedora
fedora
[SECURITY] Fedora 18 Update: ruby-1.9.3.327-22.fc18
2012-11-23 07:52:57
[SECURITY] Fedora 16 Update: ruby-1.8.7.357-1.fc16
2012-01-11 06:06:56
[SECURITY] Fedora 15 Update: ruby-1.8.7.357-1.fc15
2012-01-11 06:14:53
freebsd
freebsd
ruby -- Hash-flooding DoS vulnerability for ruby 1.9
2012-11-10 00:00:00
Multiple implementations -- DoS via hash algorithm collision
2011-12-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:53:45
Denial Of Service (DoS)
2020-04-10 01:07:08
seebug
seebug
Ruby哈希冲突拒绝服务漏洞
2011-12-30 00:00:00
Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks
2011-12-29 00:00:00
amazon
amazon
Important: ruby
2012-01-19 20:02:00
oraclelinux
oraclelinux
ruby security update
2012-01-30 00:00:00
ruby security update
2012-01-30 00:00:00
jvn
jvn
JVN#90615481: Ruby hash table implementation vulnerable to denial-of-service
2012-07-06 00:00:00
centos
centos
ruby security update
2012-01-30 20:27:31
irb, ruby security update
2012-01-30 18:44:29
redhat
redhat
(RHSA-2012:0069) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2012:0070) Moderate: ruby security update
2012-01-30 00:00:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
ubuntucve
ubuntucve
CVE-2011-4815
2011-12-29 00:00:00
securityvulns
securityvulns
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
2012-01-02 00:00:00
[USN-1733-1] Ruby vulnerabilities
2013-02-24 00:00:00
Ruby multiple security vulnerabilities
2013-02-24 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2013-02-21 00:00:00
Ruby vulnerabilities
2012-02-28 00:00:00
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
cert
cert
Hash table implementations vulnerable to algorithmic complexity attacks
2011-12-28 00:00:00

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.02

Percentile

88.9%

JSON
Related for UB:CVE-2012-5371
cve3rubygems2prion2cvelist2nvd3debian2nessus31osv2openvas45slackware1fedora8freebsd2veracode2seebug2amazon1oraclelinux2jvn1centos2redhat3ubuntucve1securityvulns6ubuntu2gentoo1cert1