GCVE - cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*

part: a version: 1.9.0 update: r18423

Vendor	Ruby Lang (`5813a634-c286-5f1d-90d5-a1a352f78d39`)
Product	Ruby (`48f7c14c-c576-5b15-be87-22eeb9add91e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/ruby/ruby`	purl2cpe	2026-06-01 10:11:45.563132
`pkg:ruby-lang/ruby`	purl2cpe	2026-06-01 10:11:45.563134

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2705`	vulnerable	2026-06-03 14:31:09.971811	Details available The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID. Published: 2011-08-05T21:00:00.000Z Updated: 2024-08-06T23:08:23.972Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2011/07/12/14 http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/ https://bugzilla.redhat.com/show_bug.cgi?id=722415 http://www.openwall.com/lists/oss-security/2011/07/20/16 http://www.redhat.com/support/errata/RHSA-2011-1581.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-0188`	vulnerable	2026-06-03 14:30:47.735779	Details available The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." Published: 2011-03-23T01:00:00.000Z Updated: 2024-08-06T21:43:15.487Z Open on db.gcve.eu Reference links http://www.redhat.com/support/errata/RHSA-2011-0910.html http://www.securitytracker.com/id?1025236 http://www.mandriva.com/security/advisories?name=MDVSA-2011:098 http://www.redhat.com/support/errata/RHSA-2011-0909.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-3443`	vulnerable	2026-06-03 14:28:53.806967	Details available The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick. Published: 2008-08-14T23:00:00.000Z Updated: 2024-08-07T09:37:26.963Z Open on db.gcve.eu Reference links http://secunia.com/advisories/31430 https://usn.ubuntu.com/651-1/ http://secunia.com/advisories/33185 http://www.debian.org/security/2009/dsa-1695 http://support.apple.com/kb/HT3549	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.