CVE-2011-4815
Published: 29 December 2011
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Notes
| Author | Note |
|---|---|
| mdeslaur | ruby 1.9+ randomizes hash |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ruby1.8 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Released
(1.8.7.249-2ubuntu0.1)
|
|
| maverick |
Released
(1.8.7.299-2ubuntu0.1)
|
|
| natty |
Released
(1.8.7.302-2ubuntu0.1)
|
|
| oneiric |
Released
(1.8.7.352-2ubuntu0.1)
|
|
| upstream |
Released
(1.8.7.357)
|
|
|
Patches: upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=34151 |
||
|
ruby1.9 Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Not vulnerable
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
ruby1.9.1 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| upstream |
Not vulnerable
|
|
References
- http://www.kb.cert.org/vuls/id/903934
- http://www.ocert.org/advisories/ocert-2011-003.html
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606
- https://ubuntu.com/security/notices/USN-1377-1
- https://www.cve.org/CVERecord?id=CVE-2011-4815
- NVD
- Launchpad
- Debian