Veracode Vulnerability DatabaseVERACODE:14585Denial Of Service (DoS)
0.006 Low
EPSS
Percentile
77.9%
ruby is vulnerable to denial of service. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time.
References
2012.appsec-forum.ch/conferences/#c17
asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf
secunia.com/advisories/51253
securitytracker.com/id?1027747
www.ocert.org/advisories/ocert-2012-001.html
www.osvdb.org/87280
www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/
www.securityfocus.com/bid/56484
www.ubuntu.com/usn/USN-1733-1
access.redhat.com/knowledge/docs/
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=875236
bugzilla.redhat.com/show_bug.cgi?id=887353
bugzilla.redhat.com/show_bug.cgi?id=889426
bugzilla.redhat.com/show_bug.cgi?id=895347
bugzilla.redhat.com/show_bug.cgi?id=895355
bugzilla.redhat.com/show_bug.cgi?id=902412
bugzilla.redhat.com/show_bug.cgi?id=902630
bugzilla.redhat.com/show_bug.cgi?id=903526
bugzilla.redhat.com/show_bug.cgi?id=903546
bugzilla.redhat.com/show_bug.cgi?id=905021
bugzilla.redhat.com/show_bug.cgi?id=905656
bugzilla.redhat.com/show_bug.cgi?id=906227
bugzilla.redhat.com/show_bug.cgi?id=906845
exchange.xforce.ibmcloud.com/vulnerabilities/79993
rhn.redhat.com/errata/RHSA-2013-0582.html
www.131002.net/data/talks/appsec12_slides.pdf
Related
