3 matches found
CVE-2011-0188
CVE-2011-0188 concerns memory allocation in the BigDecimal implementation (bigdecimal.c) for Ruby 1.9.2-p136 and earlier, used on macOS before 10.6.7 and other platforms. The issue is that VpMemAlloc may misallocate memory for very large BigDecimal values in 64-bit processes, enabling context-dep...
CVE-2011-2705
CVE-2011-2705 affects Ruby’s SecureRandom.init in lib/securerandom.rb. The vulnerability arises because SecureRandom.random_bytes relies on PID values for initialization in Ruby versions prior to 1.8.7-p352 and 1.9.x prior to 1.9.2-p290, enabling context-dependent attackers to predict the generat...
CVE-2010-2489
Ruby 1.9.x before 1.9.1-p429 on Windows is affected by a buffer overflow in ARGF.inplace_mode used when constructing backup filenames, allowing local privilege escalation. The issue is addressed in Ruby 1.9.1-p429 (Ruby on Windows update). Affected components: Ruby 1.9.x, ARGF.inplace_mode handli...