Unrated severity · NVD Advisory · Published Dec 30, 2011 · Updated Apr 29, 2026
CVE-2011-4815
Description
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Affected products
- cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* (range: <=1.8.7-p352)
- cpe:2.3:a:ruby-lang:ruby:1.8.7-p299:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7-p302:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7-p330:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7-p334:*:*:*:*:*:*:*
- (no CPE) (range: <1.8.7-p357)
References
- www.kb.cert.org/vuls/id/903934 (nvd, US Government Resource)
- archives.neohapsis.com/archives/bugtraq/2011-12/0181.html (nvd)
- blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606 (nvd)
- jvn.jp/en/jp/JVN90615481/index.html (nvd)
- jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html (nvd)
- lists.apple.com/archives/security-announce/2012/May/msg00001.html (nvd)
- rhn.redhat.com/errata/RHSA-2012-0069.html (nvd)
- rhn.redhat.com/errata/RHSA-2012-0070.html (nvd)
- secunia.com/advisories/47405 (nvd)
- secunia.com/advisories/47822 (nvd)
- support.apple.com/kb/HT5281 (nvd)
- www.nruns.com/_downloads/advisory28122011.pdf (nvd)
- www.ocert.org/advisories/ocert-2011-003.html (nvd)
- www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/ (nvd)
- www.securitytracker.com/id (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/72020 (nvd)