CVE-2015-8851

Published: 30 Mar 2016
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

It was found that NodeJS node-uuid used Math.random() to create a GUID (Globally Unique Identifier) which does not provide enough entropy (on some platforms it only provides 32 bits) which can result in collisions of GUIDs. An attacker could use this to guess GUID values and leverage further attacks against a system using node-uuid.
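The weak entropy source described above next to a CSPRNG-backed generator, as an added example (not node-uuid's or Red Hat's code; the names `formatV4`, `weakUuid`, `strongUuid` and `collisionProbability` are assumptions for illustration). It also uses the birthday bound to compare collision odds for the 32-bit case the description mentions with the 122 random bits of a version-4 UUID.

```javascript
// Added illustration; function names are hypothetical, not node-uuid's API.
const { randomBytes } = require('node:crypto');

// Format 16 bytes as an RFC 4122 version-4 UUID string.
function formatV4(bytes) {
  const b = Buffer.from(bytes);      // copy so the caller's buffer is untouched
  b[6] = (b[6] & 0x0f) | 0x40;       // version nibble = 4
  b[8] = (b[8] & 0x3f) | 0x80;       // RFC 4122 variant bits = 10
  const h = b.toString('hex');
  return [h.slice(0, 8), h.slice(8, 12), h.slice(12, 16),
          h.slice(16, 20), h.slice(20)].join('-');
}

// Weak pattern (CWE-331): bytes drawn from Math.random(), which is not a
// CSPRNG and, per the description, may carry only 32 bits of entropy.
function weakUuid() {
  const bytes = new Uint8Array(16);
  for (let i = 0; i < 16; i++) bytes[i] = Math.floor(Math.random() * 256);
  return formatV4(bytes);
}

// Hardened pattern: all 16 bytes come from the operating system's CSPRNG.
function strongUuid() {
  return formatV4(randomBytes(16));
}

// Birthday-bound approximation of the chance that `count` identifiers with
// `entropyBits` bits of entropy contain at least one collision.
function collisionProbability(entropyBits, count) {
  const pairs = (count * (count - 1)) / 2;
  return -Math.expm1(-pairs / Math.pow(2, entropyBits));
}
```

At 32 bits of entropy, 100,000 identifiers already collide with a probability of about 0.69, which is why identifiers and tokens should never be derived from `Math.random()`.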

Affected packages

Platform | Package | Status | Advisory | Release
Red Hat Software Collections | nodejs010-nodejs-node-uuid | Affected | |
Red Hat OpenShift Container Platform 3.2 | atomic-openshift | Fixed | RHBA-2016:1343 | 27.06.2016
Red Hat OpenShift Container Platform 3.2 | heapster | Fixed | RHBA-2016:1343 | 27.06.2016

Additional information

Status: Moderate
Defect: CWE-331
https://bugzilla.redhat.com/show_bug.cgi?id=1327056 nodejs-node-uuid: insecure entropy source - Math.random()

EPSS

Percentile: 64%
0.00477
Low

CVSS2: 4.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 6 years ago

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

CVSS3: 7.5
nvd
about 6 years ago

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

CVSS3: 7.5
debian
about 6 years ago

node-uuid before 1.4.4 uses insufficiently random data to create a GUI ...

CVSS3: 7.5
github
almost 6 years ago

Insecure Entropy Source - Math.random() in node-uuid
