CVE-2011-4121
Published: 26 November 2019
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.
Notes
| Author | Note |
|---|---|
| jdstrand | ruby1.8 and ruby1.9 not affected. ruby1.9.1 only affected. This seems to only be a problem in a pre-release version of ruby 1.9.4.0 introduced in http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33155 fix is http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33633 |
Priority
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |