---
engine: ruby
cve: 2011-2686
url: https://osdir.com/ml/lang-ruby-core/2011-01/msg00917.html
title: Ruby Random Number Generation Local Denial Of Service Vulnerability
date: 2011-07-02
description: |
  Ruby before 1.8.7-p352 does not reset the random seed upon forking, which
  makes it easier for context-dependent attackers to predict the values of
  random numbers by leveraging knowledge of the number sequence obtained in a
  different child process, a related issue to CVE-2003-0900. NOTE: this issue
  exists because of a regression during Ruby 1.8.6 development.
cvss_v2: 5.0
unaffected_versions:
  - "< 1.8.6.399"
patched_versions:
  - ">= 1.8.7.352"