CRITICAL🇬🇧 English

CVE-2011-4121

CVSS 9.8v3.1pub. 2019-11-26upd. 2024-11-21

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ruby Lang Ruby

    APP
    Ruby-Lang
    1.8.7.334 – 1.9.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2016-2338CRITICAL9.8ten sam produkt

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Ps...

CVE-2022-28738CRITICAL9.8ten sam produkt

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim at...

CVE-2021-41816CRITICAL9.8ten sam produkt

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflo...

CVE-2018-16395CRITICAL9.8ten sam produkt

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, a...

CVE-2018-8780CRITICAL9.1ten sam produkt

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir...