Описание
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 1.0 on Red Hat Enterprise Linux | rh-dotnetcore10-curl | Not affected | ||
| .NET Core 1.1 on Red Hat Enterprise Linux | rh-dotnetcore11-curl | Not affected | ||
| .NET Core 2.0 on Red Hat Enterprise Linux | rh-dotnet20-curl | Not affected | ||
| Red Hat Enterprise Linux 5 | curl | Not affected | ||
| Red Hat Enterprise Linux 6 | curl | Not affected | ||
| Red Hat Enterprise Linux 7 | curl | Not affected | ||
| Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Not affected | ||
| Red Hat JBoss Enterprise Web Server 3 | curl | Not affected | ||
| Red Hat Software Collections | httpd24-curl | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
curl before version 7.52.1 is vulnerable to an uninitialized random in ...
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS2