
CVE-2013-4345
Date: (C)2013-10-10   (M)2024-04-17


Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-62740
RHSA-2013:1449
RHSA-2013:1490
RHSA-2013:1645
USN-2064-1
USN-2065-1
USN-2068-1
USN-2070-1
USN-2071-1
USN-2072-1
USN-2074-1
USN-2075-1
USN-2076-1
USN-2109-1
USN-2110-1
USN-2158-1
http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=1007690

CWE    1
CWE-189
OVAL    55
oval:org.secpod.oval:def:106100
oval:org.secpod.oval:def:106020
oval:org.secpod.oval:def:106468
oval:org.secpod.oval:def:106466
...

© SecPod Technologies