CVE-2011-2705

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.

  • Published: Aug 5, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-2705
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

| Software | From | Fixed in |
|---|---|---|
| ruby-lang / ruby | 1.8.7-302 | 1.8.7-302.x |
| ruby-lang / ruby | 1.8.7-249 | 1.8.7-249.x |
| ruby-lang / ruby | 1.8.7-299 | 1.8.7-299.x |
| ruby-lang / ruby | - | 1.8.7-334.x |
| ruby-lang / ruby | 1.8.7-p71 | 1.8.7-p71.x |
| ruby-lang / ruby | 1.8.7-p22 | 1.8.7-p22.x |
| ruby-lang / ruby | 1.8.7-330 | 1.8.7-330.x |
| ruby-lang / ruby | 1.8.7-160 | 1.8.7-160.x |
| ruby-lang / ruby | 1.8.7-173 | 1.8.7-173.x |
| ruby-lang / ruby | 1.8.7-p21 | 1.8.7-p21.x |
| ruby-lang / ruby | 1.8.7-p72 | 1.8.7-p72.x |
| ruby-lang / ruby | 1.8.7-248 | 1.8.7-248.x |
| ruby-lang / ruby | 1.9.0-0 | 1.9.0-0.x |
| ruby-lang / ruby | 1.9.1--preview_2 | 1.9.1--preview_2.x |
| ruby-lang / ruby | 1.9.0 | 1.9.0.x |
| ruby-lang / ruby | 1.9.0-1 | 1.9.0-1.x |
| ruby-lang / ruby | 1.9.0-r18423 | 1.9.0-r18423.x |
| ruby-lang / ruby | 1.9.1--p0 | 1.9.1--p0.x |
| ruby-lang / ruby | 1.9.0-20070709 | 1.9.0-20070709.x |
| ruby-lang / ruby | 1.9.1--rc2 | 1.9.1--rc2.x |
| ruby-lang / ruby | 1.9.1--preview_1 | 1.9.1--preview_1.x |
| ruby-lang / ruby | 1.9.2 | 1.9.2.x |
| ruby-lang / ruby | 1.9.1--p429 | 1.9.1--p429.x |
| ruby-lang / ruby | 1.9.1--rc1 | 1.9.1--rc1.x |
| ruby-lang / ruby | 1.9.1 | 1.9.1.x |
| ruby-lang / ruby | 1.9.2-dev | 1.9.2-dev.x |
| ruby-lang / ruby | 1.9.1--p129 | 1.9.1--p129.x |
| ruby-lang / ruby | 1.9.0-20060415 | 1.9.0-20060415.x |
| ruby-lang / ruby | 1.9-r18423 | 1.9-r18423.x |
| ruby-lang / ruby | 1.9 | 1.9.x |
| ruby-lang / ruby | 1.9.1--p243 | 1.9.1--p243.x |
| ruby-lang / ruby | 1.9.1--p376 | 1.9.1--p376.x |
| ruby-lang / ruby | 1.9.0-2 | 1.9.0-2.x |
| ruby-lang / ruby | 1.9.2-p180 | 1.9.2-p180.x |
| ruby-lang / ruby | 1.9.2-p136 | 1.9.2-p136.x |