Eric Wong

**Name of the Vulnerable Software and Affected Versions** Ruby versions prior to 2.2.10 Ruby versions 2.3.x prior to 2.3.7 Ruby versions 2.4.x prior to 2.4.4 Ruby versions 2.5.x prior to 2.5.1 Ruby version 2.6.0-preview1 **Description** The issue is related to uncontrolled resource consumption in the WEBrick library of the Ruby programming language. An attacker can exploit this by sending a large HTTP request with a crafted header to the WEBrick server or a crafted body to the WEBrick server/handler, causing a denial of service due to memory consumption. **Recommendations** For Ruby versions prior to 2.2.10, update to version 2.2.10 or later. For Ruby versions 2.3.x prior to 2.3.7, update to version 2.3.7 or later. For Ruby versions 2.4.x prior to 2.4.4, update to version 2.4.4 or later. For Ruby versions 2.5.x prior to 2.5.1, update to version 2.5.1 or later. For Ruby version 2.6.0-preview1, update to a later version.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 4.4 **Description** The issue arises from the improper seeding of the OpenSSL PRNG in Android, making it easier for attackers to defeat cryptographic protection mechanisms. This is particularly concerning when the PRNG is used within multiple applications. **Recommendations** For Android versions prior to 4.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.