Your submission was sent successfully! Close

CVE-2011-4815

Published: 29 December 2011

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Notes

AuthorNote
mdeslaur
ruby 1.9+ randomizes hash
Priority

Medium

Status

Package Release Status
ruby1.8
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid
Released (1.8.7.249-2ubuntu0.1)
maverick
Released (1.8.7.299-2ubuntu0.1)
natty
Released (1.8.7.302-2ubuntu0.1)
oneiric
Released (1.8.7.352-2ubuntu0.1)
upstream
Released (1.8.7.357)
Patches:
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=34151
ruby1.9
Launchpad, Ubuntu, Debian
hardy Not vulnerable

lucid Not vulnerable

maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream Not vulnerable

ruby1.9.1
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

oneiric Not vulnerable

upstream Not vulnerable