CVE-2011-4815

General

Score: 7.8/10.0
Severity: High
Category: Input Validation Error

Impact Metrics

Confidentiality: None
Integrity: None
Availability: Complete

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2011-0188, CVE-2011-2686, CVE-2011-2705, CVE-2011-3009, CVE-2011-3414, CVE-2014-8080, CVE-2014-8090

Published on 30/12/11 - Updated on 29/08/17

Description

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability Database CVE-2011-4815
Amazon Linux ALAS-2012-35
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2011-AVI-729, CERTA-2012-AVI-272
CentOS CESA-2012:0069, CESA-2012:0070
Debian LTS DLA-88-1
Oracle Linux ELSA-2012-0069, ELSA-2012-0070
Redhat RHSA-2012:0069, RHSA-2012:0070
Renater 2011/VULN677
SUSE SUSE-SU-2012:0147

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: ruby-lang
Product: ruby
