Specially crafted POST parameters can be used to cause hash table operations
with a time complexity of O(n^2), causing a Denial of Service.
As per $URL, Rubinius is affected. There is no CVE assigned yet for this flaw in Rubinius.
Patch available at https://github.com/rubinius/rubinius/commit/a9a40fc6a1256bcf6382631b710430105c5dd868 but it looks like it adds a dependency in the process.
*** Bug 445342 has been marked as a duplicate of this bug. ***
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2012-5372 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5372):
> Rubinius computes hash values without properly restricting the ability to
> trigger hash collisions predictably, which allows context-dependent
> attackers to cause a denial of service (CPU consumption) via crafted input
> to an application that maintains a hash table, as demonstrated by a
> universal multicollision attack against the MurmurHash3 algorithm.
Vulnerable ebuilds have been removed. Package was never put into stable.
GLSA coordinators: Please resolve this bug.
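
Added illustration, not part of this bug thread or of the Rubinius patch: the quadratic cost described in the first comment, measured as key comparisons in a chained hash table, next to the same inserts under a per-process keyed hash. The byte-sum hash, the HMAC-SHA256 keyed hash, and all class and method names are assumptions made for this sketch; it does not reproduce MurmurHash3 or the fix in the linked commit.

```ruby
require 'openssl'
require 'securerandom'

# Chained hash table that counts key comparisons made during inserts.
class ChainedTable
  attr_reader :comparisons

  def initialize(bucket_count, hasher)
    @buckets = Array.new(bucket_count) { [] }
    @hasher = hasher
    @comparisons = 0
  end

  def insert(key)
    chain = @buckets[@hasher.call(key) % @buckets.size]
    chain.each do |existing|
      @comparisons += 1
      return false if existing == key
    end
    chain << key
    true
  end
end

# Toy unkeyed hash (byte sum), standing in for any predictable hash function.
WEAK_HASH = ->(key) { key.bytes.sum }

# Keyed hash: first 8 bytes of HMAC-SHA256 under a secret chosen per process.
def keyed_hash(secret = SecureRandom.random_bytes(16))
  ->(key) { OpenSSL::HMAC.digest('SHA256', secret, key).unpack1('Q<') }
end

# Constructed sample input: n distinct strings that all share one byte sum.
def same_sum_keys(n)
  (0...n).map { |i| ('a' * i) + 'b' + ('a' * (n - 1 - i)) }
end

def comparisons_for(keys, hasher, bucket_count = 1024)
  table = ChainedTable.new(bucket_count, hasher)
  keys.each { |key| table.insert(key) }
  table.comparisons
end

if __FILE__ == $PROGRAM_NAME
  keys = same_sum_keys(256)
  puts "unkeyed: #{comparisons_for(keys, WEAK_HASH)} comparisons"
  puts "keyed:   #{comparisons_for(keys, keyed_hash)} comparisons"
end
```

With the unkeyed hash every key lands in one bucket, so n inserts cost n(n-1)/2 comparisons; with a secret key the sender cannot predict bucket placement and the chains stay short.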