Sha256: 930d6038852bab2cc9f090be7cf65ac89380d1f48c5018d250bfcd2399008390

Contents?: true

Size: 681 Bytes

Versions: 6

Compression:

Stored size: 681 Bytes

Contents

---
engine: jruby
cve: 2012-5370
osvdb: 87864
url: http://jruby.org/2012/12/03/jruby-1-7-1
title: JRuby MurmurHash Implementation Hash Collision Remote DoS
date: 2012-11-23
description: |
  JRuby contains a flaw related to the MurmurHash implementation that may allow
  a remote denial of service. The issue is triggered when hash values are
  computed without having the ability to cause hash collisions restricted. When
  sending specially crafted input to an application maintaining a hash table, a
  context-dependent attacker can cause a consumption of CPU resources. This
  will result in a loss of availability for the program.
cvss_v2: 5.0
patched_versions:
  - ">= 1.7.1"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/jruby/CVE-2012-5370.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/jruby/CVE-2012-5370.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/jruby/CVE-2012-5370.yml
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/jruby/CVE-2012-5370.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/jruby/CVE-2012-5370.yml
bundler-audit-0.5.0 data/ruby-advisory-db/rubies/jruby/CVE-2012-5370.yml