CVE-2011-2686
PUBLISHED
CVSS 5 MEDIUM
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
EPSS 0.67% · 71.2th percentile
Risk Scores
| Metric | Value |
|---|---|
| CVSS v2.0 | 5 (MEDIUM) |
| EPSS Score | 0.67% (71.2th percentile) |
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| ruby-lang | ruby | 0, 1.8.7, 1.8.7 |
Timeline
- Aug 5, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 28, 2022 EPSS Score
- May 19, 2022 EPSS Score
- Sep 1, 2022 EPSS Score
- Oct 23, 2022 EPSS Score
- Dec 14, 2022 EPSS Score
- Feb 4, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
- Jul 10, 2023 EPSS Score
- Aug 31, 2023 EPSS Score
References
- [oss-security] 20110712 Re: CVE Request: ruby PRNG fixes (mailing-list)
- http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/ (url)
- https://bugzilla.redhat.com/show_bug.cgi?id=722415 (url)
- [oss-security] 20110720 Re: CVE Request: ruby PRNG fixes (mailing-list)
- http://redmine.ruby-lang.org/issues/show/4338 (url)
- http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog (url)
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713 (url)
- FEDORA-2011-9374 (vendor-advisory)
- ruby-random-number-dos(69032) (vdb)
- [oss-security] 20110711 CVE Request: ruby PRNG fixes (mailing-list)
- 49015 (vdb)
- FEDORA-2011-9359 (vendor-advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2011-2686 (advisory)
- http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released (url)