Published: 26 November 2019
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt the integrity of services that depend on a strong private RSA key generation mechanism.
CVSS 3 base score: 9.8
ruby1.8 and ruby1.9 are not affected; only ruby1.9.1 is affected. This seems to only be a problem in a pre-release version of ruby 18.104.22.168, introduced in http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33155; the fix is http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33633
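
As an added example (not part of the advisory or of Ruby's own code), the Ruby sketch below audits a PKCS#1 RSAPublicKey for an exponent of 1 and shows that the textbook public operation then returns the message unchanged. The function names and the toy modulus are assumptions constructed for illustration.

```ruby
require "openssl"

# Constructed toy modulus (product of two Mersenne primes); not a real key.
TOY_N = (2**127 - 1) * (2**89 - 1)

# Encode a PKCS#1 RSAPublicKey: SEQUENCE { INTEGER n, INTEGER e }.
def rsa_public_der(n, e)
  OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(n.to_s)),
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(e.to_s)),
  ]).to_der
end

# Read n and e straight from the DER instead of loading a key object, so the
# check does not depend on how the key loader treats unusual exponents.
def rsa_public_params(der)
  seq = OpenSSL::ASN1.decode(der)
  ints = seq.is_a?(OpenSSL::ASN1::Sequence) ? seq.value : nil
  unless ints && ints.size == 2 &&
         ints.all? { |v| v.is_a?(OpenSSL::ASN1::Integer) }
    raise ArgumentError, "not a PKCS#1 RSAPublicKey"
  end
  ints.map(&:value) # [n, e] as OpenSSL::BN
end

# Flag the exponent value the advisory describes.
def audit_rsa_public_key(der)
  _n, e = rsa_public_params(der)
  e.to_i == 1 ? :exponent_is_one : :ok
end

# Textbook public operation m^e mod n (no padding), to show the effect.
def rsa_public_op(m, der)
  n, e = rsa_public_params(der)
  OpenSSL::BN.new(m.to_s).mod_exp(e, n).to_i
end

if __FILE__ == $PROGRAM_NAME
  { "e=1" => 1, "e=65537" => 65_537 }.each do |label, e|
    der = rsa_public_der(TOY_N, e)
    unchanged = rsa_public_op(123_456_789, der) == 123_456_789
    puts "#{label}: #{audit_rsa_public_key(der)}, message unchanged: #{unchanged}"
  end
end
```

Any key flagged `:exponent_is_one` should be treated as compromised and regenerated on a fixed build.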