Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 445342

Summary: dev-lang/rubinius: Hash collision DoS (CVE-2012-5372)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor CC: ruby
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [upstream]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2012-11-30 13:17:48 UTC 
CVE-2012-5372 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5372):
  Rubinius computes hash values without properly restricting the ability to
  trigger hash collisions predictably, which allows context-dependent
  attackers to cause a denial of service (CPU consumption) via crafted input
  to an application that maintains a hash table, as demonstrated by a
  universal multicollision attack against the MurmurHash3 algorithm.
Comment 1 Manuel RĂ¼ger (RETIRED) gentoo-dev 2015-07-02 09:30:48 UTC 

*** This bug has been marked as a duplicate of bug 396399 ***