4.3
CVE-2013-1445
- EPSS 2.01%
- Veröffentlicht 26.10.2013 17:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.01% | 0.783 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
http://www.debian.org/security/2013/dsa-2781
http://www.openwall.com/lists/oss-security/2013/10/17/3
https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175