Information Disclosure

2020-04-1001:07:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

ruby is vulnerable to information disclosure. It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted).

CPENameOperatorVersion
rubyeq1.8.1__7.el4_8.3
rubyeq1.8.5__5.el5
rubyeq1.8.5__5.el5_2.5
rubyeq1.8.5__5.el5_4.8
rubyeq1.8.7.299__4.el6
rubyeq1.8.5__5.el5_1.1
rubyeq1.8.7.299__7.el6
rubyeq1.8.5__5.el5_2.6
rubyeq1.8.5__19.el5_6.1
rubyeq1.8.1__7.el4_7.1

Name	Operator	Version
ruby	eq	1.8.1__7.el4_8.3
ruby	eq	1.8.5__5.el5
ruby	eq	1.8.5__5.el5_2.5
ruby	eq	1.8.5__5.el5_4.8
ruby	eq	1.8.7.299__4.el6
ruby	eq	1.8.5__5.el5_1.1
ruby	eq	1.8.7.299__7.el6
ruby	eq	1.8.5__5.el5_2.6
ruby	eq	1.8.5__19.el5_6.1
ruby	eq	1.8.1__7.el4_7.1