VYPR
Unrated severityNVD Advisory· Published Aug 5, 2011· Updated Jun 16, 2026

CVE-2011-2686

CVE-2011-2686

Description

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

13
  • Ruby Lang/Ruby12 versions
    cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*range: <=1.8.7-334
    • cpe:2.3:a:ruby-lang:ruby:1.8.7-160:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.8.7-173:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.8.7-248:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.8.7-249:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.8.7-299:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.8.7-302:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.8.7-330:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.8.7-p21:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*
  • Range: <1.8.7-p352

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.