
CVE-2011-2686


Severity Score: 9.1 (CVSS v3)
Exploit Likelihood: - (EPSS)
Affected Versions: see "Affected Vendors, Products, and Versions" below (CPE)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.


Credits: N/A
CVSS Scores

Base metrics (CVSS v3):
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None

Base metrics (CVSS v2):
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2011-07-11 CVE Reserved
  • 2011-08-05 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-310: Cryptographic Issues
CAPEC
Affected Vendors, Products, and Versions

Vendor     Product  Version        Other  Status
---------  -------  -------------  -----  --------
Ruby-lang  Ruby     <= 1.8.7-334   -      Affected
Ruby-lang  Ruby     1.8.7          p22    Affected
Ruby-lang  Ruby     1.8.7          p71    Affected
Ruby-lang  Ruby     1.8.7          p72    Affected
Ruby-lang  Ruby     1.8.7-160      -      Affected
Ruby-lang  Ruby     1.8.7-173      -      Affected
Ruby-lang  Ruby     1.8.7-248      -      Affected
Ruby-lang  Ruby     1.8.7-249      -      Affected
Ruby-lang  Ruby     1.8.7-299      -      Affected
Ruby-lang  Ruby     1.8.7-302      -      Affected
Ruby-lang  Ruby     1.8.7-330      -      Affected
Ruby-lang  Ruby     1.8.7-p21      -      Affected