Unrated severity · NVD Advisory · Published Aug 5, 2011 · Updated Apr 29, 2026
CVE-2011-2705
Description
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
Affected products
- cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* (range: <=1.8.7-334)
- cpe:2.3:a:ruby-lang:ruby:1.8.7-160:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7-173:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7-248:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7-249:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7-299:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7-302:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7-330:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7-p21:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.2:dev:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.2-p136:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.2-p180:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9:r18423:*:*:*:*:*:*
- (no CPE) range: < 1.8.7-p352 or < 1.9.2-p290
References
- lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html (nvd, Patch)
- svn.ruby-lang.org/cgi-bin/viewvc.cgi (nvd, Patch)
- www.openwall.com/lists/oss-security/2011/07/11/1 (nvd, Patch)
- www.openwall.com/lists/oss-security/2011/07/12/14 (nvd, Patch)
- www.openwall.com/lists/oss-security/2011/07/20/1 (nvd, Patch)
- www.openwall.com/lists/oss-security/2011/07/20/16 (nvd, Patch)
- www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/ (nvd, Patch)
- www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/ (nvd, Patch)
- bugzilla.redhat.com/show_bug.cgi (nvd, Patch)
- lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html (nvd)
- redmine.ruby-lang.org/issues/4579 (nvd)
- svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog (nvd)
- svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog (nvd)
- www.redhat.com/support/errata/RHSA-2011-1581.html (nvd)
- www.securityfocus.com/bid/49015 (nvd)