Home

CVE-2012-5371

Description

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.

Risk Information

Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.387

Associated Vulnerability

VulnerabilityOS Platform
Ruby update (ELSA-2023-7025) ruby-2.5.9-111.module+el8.9.0+90042+a65659a6.i686.rpmLinux
Ruby update (ELSA-2023-7025) ruby-2.5.9-111.module+el8.9.0+90042+a65659a6.x86_64.rpmLinux
Ruby-devel update (ELSA-2023-7025) ruby-devel-2.5.9-111.module+el8.9.0+90042+a65659a6.i686.rpmLinux
Ruby-devel update (ELSA-2023-7025) ruby-devel-2.5.9-111.module+el8.9.0+90042+a65659a6.x86_64.rpmLinux
Ruby-doc update (ELSA-2023-7025) ruby-doc-2.5.9-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Ruby-irb update (ELSA-2023-7025) ruby-irb-2.5.9-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Ruby-libs update (ELSA-2023-7025) ruby-libs-2.5.9-111.module+el8.9.0+90042+a65659a6.i686.rpmLinux
Ruby-libs update (ELSA-2023-7025) ruby-libs-2.5.9-111.module+el8.9.0+90042+a65659a6.x86_64.rpmLinux
Rubygem-abrt update (ELSA-2023-7025) rubygem-abrt-0.3.0-4.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-abrt-doc update (ELSA-2023-7025) rubygem-abrt-doc-0.3.0-4.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-bigdecimal update (ELSA-2023-7025) rubygem-bigdecimal-1.3.4-111.module+el8.9.0+90042+a65659a6.i686.rpmLinux
Rubygem-bigdecimal update (ELSA-2023-7025) rubygem-bigdecimal-1.3.4-111.module+el8.9.0+90042+a65659a6.x86_64.rpmLinux
Rubygem-bson update (ELSA-2023-7025) rubygem-bson-4.3.0-2.module+el8.9.0+90042+a65659a6.x86_64.rpmLinux
Rubygem-bson-doc update (ELSA-2023-7025) rubygem-bson-doc-4.3.0-2.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-bundler update (ELSA-2023-7025) rubygem-bundler-1.16.1-4.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-bundler-doc update (ELSA-2023-7025) rubygem-bundler-doc-1.16.1-4.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-did_you_mean update (ELSA-2023-7025) rubygem-did_you_mean-1.2.0-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-io-console update (ELSA-2023-7025) rubygem-io-console-0.4.6-111.module+el8.9.0+90042+a65659a6.i686.rpmLinux
Rubygem-io-console update (ELSA-2023-7025) rubygem-io-console-0.4.6-111.module+el8.9.0+90042+a65659a6.x86_64.rpmLinux
Rubygem-json update (ELSA-2023-7025) rubygem-json-2.1.0-111.module+el8.9.0+90042+a65659a6.i686.rpmLinux
Rubygem-json update (ELSA-2023-7025) rubygem-json-2.1.0-111.module+el8.9.0+90042+a65659a6.x86_64.rpmLinux
Rubygem-minitest update (ELSA-2023-7025) rubygem-minitest-5.10.3-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-mongo update (ELSA-2023-7025) rubygem-mongo-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-mongo-doc update (ELSA-2023-7025) rubygem-mongo-doc-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-mysql2 update (ELSA-2023-7025) rubygem-mysql2-0.4.10-4.module+el8.9.0+90042+a65659a6.x86_64.rpmLinux
Rubygem-mysql2-doc update (ELSA-2023-7025) rubygem-mysql2-doc-0.4.10-4.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-net-telnet update (ELSA-2023-7025) rubygem-net-telnet-0.1.1-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-openssl update (ELSA-2023-7025) rubygem-openssl-2.1.2-111.module+el8.9.0+90042+a65659a6.i686.rpmLinux
Rubygem-openssl update (ELSA-2023-7025) rubygem-openssl-2.1.2-111.module+el8.9.0+90042+a65659a6.x86_64.rpmLinux
Rubygem-pg update (ELSA-2023-7025) rubygem-pg-1.0.0-3.module+el8.9.0+90042+a65659a6.x86_64.rpmLinux
Rubygem-pg-doc update (ELSA-2023-7025) rubygem-pg-doc-1.0.0-3.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-power_assert update (ELSA-2023-7025) rubygem-power_assert-1.1.1-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-psych update (ELSA-2023-7025) rubygem-psych-3.0.2-111.module+el8.9.0+90042+a65659a6.i686.rpmLinux
Rubygem-psych update (ELSA-2023-7025) rubygem-psych-3.0.2-111.module+el8.9.0+90042+a65659a6.x86_64.rpmLinux
Rubygem-rake update (ELSA-2023-7025) rubygem-rake-12.3.3-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-rdoc update (ELSA-2023-7025) rubygem-rdoc-6.0.1.1-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-test-unit update (ELSA-2023-7025) rubygem-test-unit-3.2.7-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-xmlrpc update (ELSA-2023-7025) rubygem-xmlrpc-0.3.0-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygems update (ELSA-2023-7025) rubygems-2.7.6.3-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygems-devel update (ELSA-2023-7025) rubygems-devel-2.7.6.3-111.module+el8.9.0+90042+a65659a6.noarch.rpmLinux
Rubygem-json update (ELSA-2025-4063) rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpmLinux
Rubygem-json update (ELSA-2025-4063) rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.i686.rpmLinux
Rubygem-irb update (ELSA-2025-4063) rubygem-irb-1.4.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Rubygem-io-console update (ELSA-2025-4063) rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpmLinux
Rubygem-io-console update (ELSA-2025-4063) rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.i686.rpmLinux
Rubygem-bundler update (ELSA-2025-4063) rubygem-bundler-2.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Rubygem-bigdecimal update (ELSA-2025-4063) rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpmLinux
Rubygem-bigdecimal update (ELSA-2025-4063) rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.i686.rpmLinux
Rubygem-abrt-doc update (ELSA-2025-4063) rubygem-abrt-doc-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpmLinux
Rubygem-mysql2 update (ELSA-2025-4063) rubygem-mysql2-0.5.3-2.module+el8.7.0+20780+b11ff321.x86_64.rpmLinux
Ruby-libs update (ELSA-2025-4063) ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpmLinux
Ruby-libs update (ELSA-2025-4063) ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpmLinux
Ruby-doc update (ELSA-2025-4063) ruby-doc-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Ruby-devel update (ELSA-2025-4063) ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpmLinux
Ruby-devel update (ELSA-2025-4063) ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpmLinux
Ruby-default-gems update (ELSA-2025-4063) ruby-default-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Ruby-bundled-gems update (ELSA-2025-4063) ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpmLinux
Ruby-bundled-gems update (ELSA-2025-4063) ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpmLinux
Ruby update (ELSA-2025-4063) ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpmLinux
Ruby update (ELSA-2025-4063) ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpmLinux
Rubygem-abrt update (ELSA-2025-4063) rubygem-abrt-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpmLinux
Rubygems-devel update (ELSA-2025-4063) rubygems-devel-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Rubygems update (ELSA-2025-4063) rubygems-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Rubygem-typeprof update (ELSA-2025-4063) rubygem-typeprof-0.21.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Rubygem-test-unit update (ELSA-2025-4063) rubygem-test-unit-3.5.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Rubygem-rss update (ELSA-2025-4063) rubygem-rss-0.3.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Rubygem-rexml update (ELSA-2025-4063) rubygem-rexml-3.3.9-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Rubygem-rdoc update (ELSA-2025-4063) rubygem-rdoc-6.4.1.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Rubygem-rbs update (ELSA-2025-4063) rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpmLinux
Rubygem-rbs update (ELSA-2025-4063) rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.i686.rpmLinux
Rubygem-rake update (ELSA-2025-4063) rubygem-rake-13.0.6-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Rubygem-psych update (ELSA-2025-4063) rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpmLinux
Rubygem-psych update (ELSA-2025-4063) rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.i686.rpmLinux
Rubygem-power_assert update (ELSA-2025-4063) rubygem-power_assert-2.0.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux
Rubygem-pg-doc update (ELSA-2025-4063) rubygem-pg-doc-1.3.2-1.module+el8.7.0+20780+b11ff321.noarch.rpmLinux
Rubygem-pg update (ELSA-2025-4063) rubygem-pg-1.3.2-1.module+el8.7.0+20780+b11ff321.x86_64.rpmLinux
Rubygem-mysql2-doc update (ELSA-2025-4063) rubygem-mysql2-doc-0.5.3-2.module+el8.7.0+20780+b11ff321.noarch.rpmLinux
Rubygem-minitest update (ELSA-2025-4063) rubygem-minitest-5.15.0-145.module+el8.10.0+90550+7d8a4a30.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234