CVE-2011-4815

N/A Unknown

Published: December 30, 2011 Modified: April 29, 2026

Description

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

Source: cve@mitre.org

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606

Source: cve@mitre.org

http://jvn.jp/en/jp/JVN90615481/index.html

Source: cve@mitre.org

http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2012-0069.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2012-0070.html

Source: cve@mitre.org

http://secunia.com/advisories/47405

Source: cve@mitre.org

http://secunia.com/advisories/47822

Source: cve@mitre.org

http://support.apple.com/kb/HT5281

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/903934

Source: cve@mitre.org

US Government Resource

http://www.nruns.com/_downloads/advisory28122011.pdf

Source: cve@mitre.org

http://www.ocert.org/advisories/ocert-2011-003.html

Source: cve@mitre.org

http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/

Source: cve@mitre.org

http://www.securitytracker.com/id?1026474

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/72020

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvn.jp/en/jp/JVN90615481/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-0069.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-0070.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/47405

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/47822

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT5281

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/903934

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.nruns.com/_downloads/advisory28122011.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ocert.org/advisories/ocert-2011-003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1026474

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/72020

Source: af854a3a-2127-422b-91ae-364da2661108

32 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

4.2%

90th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-20

Affected Vendors

ruby-lang

Related CVEs

CVE-2026-9677 N/A

CVE-2026-13245 6.1

CVE-2026-12404 5.3

CVE-2026-10820 N/A

CVE-2026-12415 9.8