ByteOS Network

NVD Vulnerability Details :

CVE-2011-4815

Deferred

Source-cve@mitre.org

Published At-30 Dec, 2011 | 01:55

Updated At-11 Apr, 2025 | 00:51

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

Ruby

>>ruby>>Versions up to 1.8.7-p352(inclusive)

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

Ruby

>>ruby>>1.8.7-p299

cpe:2.3:a:ruby-lang:ruby:1.8.7-p299:*:*:*:*:*:*:*

Ruby

>>ruby>>1.8.7-p302

cpe:2.3:a:ruby-lang:ruby:1.8.7-p302:*:*:*:*:*:*:*

Ruby

>>ruby>>1.8.7-p330

cpe:2.3:a:ruby-lang:ruby:1.8.7-p330:*:*:*:*:*:*:*

Ruby

>>ruby>>1.8.7-p334

cpe:2.3:a:ruby-lang:ruby:1.8.7-p334:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html	cve@mitre.org	N/A
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606	cve@mitre.org	N/A
http://jvn.jp/en/jp/JVN90615481/index.html	cve@mitre.org	N/A
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html	cve@mitre.org	N/A
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html	cve@mitre.org	N/A
http://rhn.redhat.com/errata/RHSA-2012-0069.html	cve@mitre.org	N/A
http://rhn.redhat.com/errata/RHSA-2012-0070.html	cve@mitre.org	N/A
http://secunia.com/advisories/47405	cve@mitre.org	N/A
http://secunia.com/advisories/47822	cve@mitre.org	N/A
http://support.apple.com/kb/HT5281	cve@mitre.org	N/A
http://www.kb.cert.org/vuls/id/903934	cve@mitre.org	US Government Resource
http://www.nruns.com/_downloads/advisory28122011.pdf	cve@mitre.org	N/A
http://www.ocert.org/advisories/ocert-2011-003.html	cve@mitre.org	N/A
http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/	cve@mitre.org	N/A
http://www.securitytracker.com/id?1026474	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/72020	cve@mitre.org	N/A
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606	af854a3a-2127-422b-91ae-364da2661108	N/A
http://jvn.jp/en/jp/JVN90615481/index.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://rhn.redhat.com/errata/RHSA-2012-0069.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://rhn.redhat.com/errata/RHSA-2012-0070.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/47405	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/47822	af854a3a-2127-422b-91ae-364da2661108	N/A
http://support.apple.com/kb/HT5281	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.kb.cert.org/vuls/id/903934	af854a3a-2127-422b-91ae-364da2661108	US Government Resource
http://www.nruns.com/_downloads/advisory28122011.pdf	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ocert.org/advisories/ocert-2011-003.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id?1026474	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/72020	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History