Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2012-5371
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-28 Nov, 2012 | 13:03
Updated At-11 Apr, 2025 | 00:51

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Ruby
ruby-lang
>>ruby>>Versions up to 1.9.3(inclusive)
cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.9
cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.9.1
cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.9.2
cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.9.3
cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.9.3
cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.9.3
cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>1.9.3
cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
Ruby
ruby-lang
>>ruby>>2.0
cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-310Primarynvd@nist.gov
CWE ID: CWE-310
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://2012.appsec-forum.ch/conferences/#c17cve@mitre.org
N/A
http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdfcve@mitre.org
N/A
http://secunia.com/advisories/51253cve@mitre.org
N/A
http://securitytracker.com/id?1027747cve@mitre.org
Patch
http://www.ocert.org/advisories/ocert-2012-001.htmlcve@mitre.org
N/A
http://www.osvdb.org/87280cve@mitre.org
N/A
http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/cve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/bid/56484cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-1733-1cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=875236cve@mitre.org
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/79993cve@mitre.org
N/A
https://www.131002.net/data/talks/appsec12_slides.pdfcve@mitre.org
N/A
http://2012.appsec-forum.ch/conferences/#c17af854a3a-2127-422b-91ae-364da2661108
N/A
http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/51253af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1027747af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.ocert.org/advisories/ocert-2012-001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/87280af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/56484af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1733-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=875236af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/79993af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.131002.net/data/talks/appsec12_slides.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://2012.appsec-forum.ch/conferences/#c17
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/51253
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1027747
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.ocert.org/advisories/ocert-2012-001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/87280
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/56484
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1733-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=875236
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/79993
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.131002.net/data/talks/appsec12_slides.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://2012.appsec-forum.ch/conferences/#c17
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/51253
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1027747
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.ocert.org/advisories/ocert-2012-001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/87280
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/56484
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1733-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=875236
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/79993
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.131002.net/data/talks/appsec12_slides.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found