Total vulnerabilities in the database
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
Software | From | Fixed in |
---|---|---|
ruby-lang / ruby | 1.8.7-302 | 1.8.7-302.x |
ruby-lang / ruby | 1.8.7-249 | 1.8.7-249.x |
ruby-lang / ruby | 1.8.7-299 | 1.8.7-299.x |
ruby-lang / ruby | - | 1.8.7-334.x |
ruby-lang / ruby | 1.8.7-p71 | 1.8.7-p71.x |
ruby-lang / ruby | 1.8.7-p22 | 1.8.7-p22.x |
ruby-lang / ruby | 1.8.7-330 | 1.8.7-330.x |
ruby-lang / ruby | 1.8.7-160 | 1.8.7-160.x |
ruby-lang / ruby | 1.8.7-173 | 1.8.7-173.x |
ruby-lang / ruby | 1.8.7-p21 | 1.8.7-p21.x |
ruby-lang / ruby | 1.8.7-p72 | 1.8.7-p72.x |
ruby-lang / ruby | 1.8.7-248 | 1.8.7-248.x |
ruby-lang / ruby | 1.9.0-0 | 1.9.0-0.x |
ruby-lang / ruby | 1.9.1--preview_2 | 1.9.1--preview_2.x |
ruby-lang / ruby | 1.9.0 | 1.9.0.x |
ruby-lang / ruby | 1.9.0-1 | 1.9.0-1.x |
ruby-lang / ruby | 1.9.0-r18423 | 1.9.0-r18423.x |
ruby-lang / ruby | 1.9.1--p0 | 1.9.1--p0.x |
ruby-lang / ruby | 1.9.0-20070709 | 1.9.0-20070709.x |
ruby-lang / ruby | 1.9.1--rc2 | 1.9.1--rc2.x |
ruby-lang / ruby | 1.9.1--preview_1 | 1.9.1--preview_1.x |
ruby-lang / ruby | 1.9.2 | 1.9.2.x |
ruby-lang / ruby | 1.9.1--p429 | 1.9.1--p429.x |
ruby-lang / ruby | 1.9.1--rc1 | 1.9.1--rc1.x |
ruby-lang / ruby | 1.9.1 | 1.9.1.x |
ruby-lang / ruby | 1.9.2-dev | 1.9.2-dev.x |
ruby-lang / ruby | 1.9.1--p129 | 1.9.1--p129.x |
ruby-lang / ruby | 1.9.0-20060415 | 1.9.0-20060415.x |
ruby-lang / ruby | 1.9-r18423 | 1.9-r18423.x |
ruby-lang / ruby | 1.9 | 1.9.x |
ruby-lang / ruby | 1.9.1--p243 | 1.9.1--p243.x |
ruby-lang / ruby | 1.9.1--p376 | 1.9.1--p376.x |
ruby-lang / ruby | 1.9.0-2 | 1.9.0-2.x |
ruby-lang / ruby | 1.9.2-p180 | 1.9.2-p180.x |
ruby-lang / ruby | 1.9.2-p136 | 1.9.2-p136.x |