CVE-2011-2705
PUBLISHED
CVSS 5 MEDIUM
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
EPSS 0.99% · 77.2nd percentile
Risk Scores
| Metric | Value |
|---|---|
| CVSS 2.0 | 5 |
| EPSS Score | 0.99% (77.2nd percentile) |
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| ruby-lang | ruby | 0, 1.8.7, 1.8.7 |
Exploit Intelligence
- [oss-security] 20110712 Re: CVE Request: ruby PRNG fixes (circl)
- http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/ (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=722415 (circl)
- [oss-security] 20110720 Re: CVE Request: ruby PRNG fixes (circl)
- RHSA-2011:1581 (circl)
- http://www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/ (circl)
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050 (circl)
- http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog (circl)
- FEDORA-2011-9374 (circl)
- http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog (circl)
Timeline
- Aug 5, 2011: CVE published
- Feb 4, 2022: EPSS score updated
- Mar 29, 2022: EPSS score updated
- May 20, 2022: EPSS score updated
- Jul 12, 2022: EPSS score updated
- Oct 26, 2022: EPSS score updated
- Dec 18, 2022: EPSS score updated
- Feb 9, 2023: EPSS score updated
- Mar 7, 2023: EPSS score updated
- Apr 2, 2023: EPSS score updated
- May 25, 2023: EPSS score updated
- Jul 17, 2023: EPSS score updated
References
- [oss-security] 20110712 Re: CVE Request: ruby PRNG fixes (mailing-list)
- http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/ (url)
- https://bugzilla.redhat.com/show_bug.cgi?id=722415 (url)
- [oss-security] 20110720 Re: CVE Request: ruby PRNG fixes (mailing-list)
- RHSA-2011:1581 (vendor-advisory)
- http://www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/ (url)
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050 (url)
- http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog (url)
- FEDORA-2011-9374 (vendor-advisory)
- http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog (url)
- http://redmine.ruby-lang.org/issues/4579 (url)
- [oss-security] 20110711 CVE Request: ruby PRNG fixes (mailing-list)
- 49015 (vdb)
- FEDORA-2011-9359 (vendor-advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2011-2705 (advisory)
- http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released (url)
- http://www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released (url)