Unrated severity · NVD Advisory · Published Nov 28, 2012 · Updated Jun 16, 2026
CVE-2012-5371
Description
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
Affected products
- cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:* (range: <=1.9.3)
References
- securitytracker.com/id (nvd, Patch)
- www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/ (nvd, Patch, Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd, Patch)
- 2012.appsec-forum.ch/conferences/ (nvd)
- asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf (nvd)
- secunia.com/advisories/51253 (nvd)
- www.ocert.org/advisories/ocert-2012-001.html (nvd)
- www.osvdb.org/87280 (nvd)
- www.securityfocus.com/bid/56484 (nvd)
- www.ubuntu.com/usn/USN-1733-1 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/79993 (nvd)
- www.131002.net/data/talks/appsec12_slides.pdf (nvd)