7.8

CVE-2011-4815

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ruby-langRuby Version <= 1.8.7-p352
Ruby-langRuby Version1.8.7-p299
Ruby-langRuby Version1.8.7-p302
Ruby-langRuby Version1.8.7-p330
Ruby-langRuby Version1.8.7-p334
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.25% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://support.apple.com/kb/HT5281
http://rhn.redhat.com/errata/RHSA-2012-0070.html
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
http://www.kb.cert.org/vuls/id/903934
US Government Resource
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606
http://jvn.jp/en/jp/JVN90615481/index.html
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html
http://rhn.redhat.com/errata/RHSA-2012-0069.html
http://secunia.com/advisories/47405
http://secunia.com/advisories/47822
http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/
http://www.securitytracker.com/id?1026474
https://exchange.xforce.ibmcloud.com/vulnerabilities/72020