Denial of Service Vulnerability Found in Ruby
The flaw was discovered by security researchers Alexander Klink and Julian Waelde.
Security researchers Alexander Klink and Julian Waelde have uncovered a vulnerability in Ruby that could enable a hacker to launch a denial of service attack.
"The deterministic hash function used to hash a string in the 1.8 series of Ruby, which makes sure that no other bits of information than the input string itself is involved in generating the hash value, allows for the string’s hash value to be pre-calculated beforehand," writes Softpedia's Eduard Kovacs.
"'By collecting a series of strings that have the identical hash value, an attacker can let Ruby process collide bins of hash tables (including Hash class instances),' reads the issue’s description," Kovacs writes.
Go to "Ruby Flaw Allows Hackers to Launch DoS Attacks" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.