4
CVE-2013-7295
- EPSS 0.13%
- Veröffentlicht 17.01.2014 21:55:14
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginTor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Torproject ≫ Tor Version <= 0.2.4.19
Torproject ≫ Tor Version0.2.4.1 Updatealpha
Torproject ≫ Tor Version0.2.4.2 Updatealpha
Torproject ≫ Tor Version0.2.4.3 Updatealpha
Torproject ≫ Tor Version0.2.4.4 Updatealpha
Torproject ≫ Tor Version0.2.4.5 Updatealpha
Torproject ≫ Tor Version0.2.4.6 Updatealpha
Torproject ≫ Tor Version0.2.4.7 Updatealpha
Torproject ≫ Tor Version0.2.4.8 Updatealpha
Torproject ≫ Tor Version0.2.4.9 Updatealpha
Torproject ≫ Tor Version0.2.4.10 Updatealpha
Torproject ≫ Tor Version0.2.4.11 Updatealpha
Torproject ≫ Tor Version0.2.4.12 Updatealpha
Torproject ≫ Tor Version0.2.4.13 Updatealpha
Torproject ≫ Tor Version0.2.4.14 Updatealpha
Torproject ≫ Tor Version0.2.4.15 Updaterc
Torproject ≫ Tor Version0.2.4.16 Updaterc
Torproject ≫ Tor Version0.2.4.17 Updaterc
Torproject ≫ Tor Version0.2.4.18 Updaterc
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.297 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 4.9 | 4.9 |
AV:N/AC:H/Au:N/C:P/I:P/A:N
|