CVE-2011-4815
CVE-2011-4815 affects Ruby (CRuby) and is caused by a hash function implementation that allows predictable hash collisions, enabling context-dependent attackers to cause a denial of service through CPU consumption when Ruby hashes are fed crafted input. Connected advisories confirm multiple vendo...
CVE-2011-0188
CVE-2011-0188 concerns memory allocation in the BigDecimal implementation (bigdecimal.c) for Ruby 1.9.2-p136 and earlier, used on macOS before 10.6.7 and other platforms. The issue is that VpMemAlloc may misallocate memory for very large BigDecimal values in 64-bit processes, enabling context-dep...
CVE-2011-2705
CVE-2011-2705 affects Ruby’s SecureRandom.init in lib/securerandom.rb. The vulnerability arises because SecureRandom.random_bytes relies on PID values for initialization in Ruby versions prior to 1.8.7-p352 and 1.9.x prior to 1.9.2-p290, enabling context-dependent attackers to predict the generat...
CVE-2011-1004
CVE-2011-1004 affects Ruby 1.8.6–1.9.3dev; the FileUtils.remove_entry_secure method is vulnerable to a symlink race, allowing local users to delete arbitrary files. Affected versions and impact are documented in trusted advisories. Remediation mentioned in connected docs includes upgrading to Rub...
CVE-2011-1005
The CVE-2011-1005 issue affects Ruby’s safe-level mechanism (Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev), where untrusted strings could be modified via Exception#to_s, enabling context-dependent attackers to alter a pathname. Public advisories reference this vulnerability...
CVE-2011-3009
CVE-2011-3009 is confirmed in connected advisories as affecting Ruby before 1.8.6-p114, where the random seed is not reset on fork, enabling context-dependent prediction of random numbers (related to CVE-2003-0900). MiracleLinux advisories list this CVE among affected Ruby packages and indicate r...
CVE-2011-2686
CVE-2011-2686 affects Ruby (MRI) older than 1.8.7-p352; it arises from a regression in 1.8.6 where the random seed is not reset on fork, allowing context-dependent attackers to predict random numbers from a child process. The issue is fixed in Ruby 1.8.7-p352 and later. No exploitation details ar...