CVE-2011-4815

Priority
Description
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting
the ability to trigger hash collisions predictably, which allows
context-dependent attackers to cause a denial of service (CPU consumption)
via crafted input to an application that maintains a hash table.
Notes
 mdeslaur> ruby 1.9+ randomizes hash
Assigned-to
tyhicks
Package
Upstream: released (1.8.7.357)
Patches:
Upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=34151
Package
Upstream: not-affected
Package
Upstream: not-affected

Updated: 2019-03-19 12:02:01 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)