Computer Security
[EN] securityvulns.ru no-pyccku


MurmurHash algorythm vulnerabilities
Published:03.12.2012
Source:
SecurityVulns ID:12738
Type:library
Threat Level:
6/10
Description:It's easy to predict collisions.
Affected:RUBY : ruby 1.9
 ORACLE : JDK 7
 OPENJDK : OpenJDK 7
CVE:CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739.)
 CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm.)
 CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.)
 CVE-2012-5370 (JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.)
Original documentdocumentAndrea Barisani, [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision (03.12.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod