CVE-2011-4815

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7-p299:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7-p302:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7-p330:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7-p334:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-12-30 01:55

Updated : 2024-02-04 17:54


NVD link : CVE-2011-4815

Mitre link : CVE-2011-4815

CVE.ORG link : CVE-2011-4815


JSON object : View

Products Affected

ruby-lang

  • ruby
CWE
CWE-20

Improper Input Validation