Описание
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.8.7.358-6ubuntu1 |
| hardy | ignored | end of life |
| lucid | not-affected | 1.8.7.249-2ubuntu0.2 |
| oneiric | not-affected | 1.8.7.352-2ubuntu0.2 |
| precise | not-affected | 1.8.7.352-2ubuntu1.1 |
| quantal | not-affected | 1.8.7.358-4ubuntu0.1 |
| raring | not-affected | 1.8.7.358-6ubuntu1 |
| saucy | not-affected | 1.8.7.358-6ubuntu1 |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.9.3.194-7ubuntu1 |
| hardy | DNE | |
| lucid | ignored | end of life |
| oneiric | ignored | end of life |
| precise | released | 1.9.3.0-1ubuntu2.5 |
| quantal | released | 1.9.3.194-1ubuntu1.3 |
| raring | released | 1.9.3.194-7ubuntu1 |
| saucy | released | 1.9.3.194-7ubuntu1 |
| upstream | released | 1.9.3.194-4, 1.9.3 pl 327 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
Связанные уязвимости
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes ...
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
EPSS
5 Medium
CVSS2