Description
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libgcrypt | Will not fix | | |
| Red Hat Enterprise Linux 6 | libgcrypt | Fixed | RHSA-2016:2674 | 08.11.2016 |
| Red Hat Enterprise Linux 7 | libgcrypt | Fixed | RHSA-2016:2674 | 08.11.2016 |
Additional information
Status:
EPSS
CVSS3: 4.8 Medium
CVSS2: 4 Medium