返回 CVE 浏览器

CVE-2011-4121

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1860%

EPSS Percentile35.70th

Published2019年11月26日

Last Modified2024年11月21日

Vulnerability Description

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.

Affected Platforms (CPE)

📦

Ruby Lang

Ruby

>= 1.8.7.334 and < 1.9.3

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2013/07/01/1

🔗 https://access.redhat.com/security/cve/cve-2011-4121

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121

🔗 https://security-tracker.debian.org/tracker/CVE-2011-4121

🔗 http://www.openwall.com/lists/oss-security/2013/07/01/1

🔗 https://access.redhat.com/security/cve/cve-2011-4121

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121

🔗 https://security-tracker.debian.org/tracker/CVE-2011-4121

相关漏洞威胁

CVE-2008-266310.0

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p23...

CVE-2009-412410.0

Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent att...

CVE-2008-266210.0

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8....

CVE-2010-311910.0

Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to c...