Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0016

Опубликовано: 24 мар. 2014
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:stunnel:stunnel:*:*:*:*:*:*:*:*
Версия до 4.56 (включая)
cpe:2.3:a:stunnel:stunnel:0.1:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.1:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.2:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.3:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.4:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.5:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:1.6:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:2.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:2.1:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b1:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b2:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b3:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b4:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b5:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b6:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.0:b7:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.1:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.2:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.3:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.4a:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.5:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.6:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:p1:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:p2:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:p3:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:p4:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8p1:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8p2:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8p3:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8p4:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21a:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21b:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21c:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.23:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.24:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.25:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.26:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.00:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.05:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.06:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.07:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.08:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.09:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.10:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.11:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.12:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.13:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.14:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.15:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.16:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.17:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.18:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.19:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.20:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.21:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.22:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.23:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.24:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.25:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.26:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.27:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.28:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.29:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.30:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.31:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.32:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.33:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.34:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.35:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.36:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.37:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.38:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.39:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.40:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.41:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.42:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.43:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.44:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.45:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.46:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.47:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.48:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.49:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.50:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.51:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.52:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.53:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.54:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.55:*:*:*:*:*:*:*

EPSS

Процентиль: 54%
0.00312
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-332

Связанные уязвимости

ubuntu логотип

CVE-2014-0016

ubuntu
около 11 лет назад

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.

redhat логотип

CVE-2014-0016

redhat
больше 11 лет назад

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.

debian логотип

CVE-2014-0016

debian
около 11 лет назад

stunnel before 5.00, when using fork threading, does not properly upda ...

github логотип

GHSA-xxr9-37w5-wgwc

github
около 3 лет назад

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.

fstec логотип

BDU:2015-09778

fstec
почти 11 лет назад

Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации

EPSS

Процентиль: 54%
0.00312
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-332
Уязвимость CVE-2014-0016