Launchpad CVE tracker

CVE 2011-4815

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Related bugs and status

CVE-2011-4815 (Candidate) is related to these bugs:

Bug #943451: Precise vulnerable to hash collision DoS

Summary				In	Importance	Status
	943451	Precise vulnerable to hash collision DoS		ruby1.8 (Ubuntu)	Medium	Fix Released

Bug #1020335: Sync ruby1.8 1.8.7.358-4 (main) from Debian unstable (main)

Summary				In	Importance	Status
	1020335	Sync ruby1.8 1.8.7.358-4 (main) from Debian unstable (main)		ruby1.8 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [ruby-talk] 20111228 [...
MISC: http://www.nruns.com/_...
MISC: http://www.ocert.org/a...
CERT-VN: VU#903934
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2012-05-09-1
REDHAT: RHSA-2012:0069
SECUNIA: 47822
BUGTRAQ: 20111228 n.runs-SA-201...
CONFIRM: http://www.ruby-lang.o...
REDHAT: RHSA-2012:0070
SECTRACK: 1026474
SECUNIA: 47405
JVN: JVN#90615481
JVNDB: JVNDB-2012-000066
XF: ruby-hash-dos(72020)

Launchpad.net

CVE 2011-4815

Related bugs and status

Related bugs

References