CVE-2024-45751

Опубликовано: 06 сент. 2024

Источник: debian

EPSS Низкий

Описание

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
tgt	fixed	1:1.0.85-1.3		package
tgt	fixed	1:1.0.85-1+deb12u1	bookworm	package

Примечания

https://github.com/fujita/tgt/pull/67
https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd (v1.0.93)
https://www.openwall.com/lists/oss-security/2024/09/07/2

EPSS

Процентиль: 54%

0.00311

Низкий

Связанные уязвимости

CVE-2024-45751

CVSS3: 5.9

ubuntu

больше 1 года назад

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

CVE-2024-45751

CVSS3: 5.9

nvd

больше 1 года назад

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

SUSE-SU-2025:02740-1

suse-cvrf

6 месяцев назад

Security update for tgt

GHSA-cwq5-xwx7-85wm

CVSS3: 5.9

github

больше 1 года назад

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

EPSS

Процентиль: 54%

0.00311

Низкий