Rubinius CVE-2012-5372 'MurmurHash3' Algorithm Hash Collision Denial of Service Vulnerability

Rubinius is prone to a denial-of-service vulnerability because it uses hash functions based on the 'MurmurHash3' algorithm, which is vulnerable to predictable hash collisions.

An attacker can exploit this issue by sending specially crafted sequence of strings to an affected application that uses these strings as keys to create a Hash object (like HTTP requests).

Successful exploits will allow attackers to trigger a high CPU consumption that causes a denial-of-service condition.


Privacy Statement
Copyright 2010, SecurityFocus