Description

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.

Remediation

References

CVE-2012-5371

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0224)

WordPress Plugin Opening Hours Cross-Site Scripting (2.3.0)

MySQL CVE-2019-2757 Vulnerability (CVE-2019-2757)

Oracle Database Server CVE-2020-2510 Vulnerability (CVE-2020-2510)

WordPress Plugin Ocean Extra PHP Object Injection (2.0.4)

Severity

Medium

Classification

CVE-2012-5371

Tags

Missing Update Known Vulnerabilities