4.3

CVE-2014-0016

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.
Data provided by the National Vulnerability Database (NVD)
Affected products (vendor: Stunnel, product: Stunnel):
Version <= 4.56
Versions 0.1, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6
Versions 2.0, 2.1
Versions 3.0, 3.0 Update b1, 3.0 Update b2, 3.0 Update b3, 3.0 Update b4, 3.0 Update b5, 3.0 Update b6, 3.0 Update b7
Versions 3.1, 3.2, 3.3, 3.4a, 3.5, 3.6, 3.7
Versions 3.8, 3.8 Update p1, 3.8 Update p2, 3.8 Update p3, 3.8 Update p4, 3.8p1, 3.8p2, 3.8p3, 3.8p4
Versions 3.9, 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20
Versions 3.21, 3.21a, 3.21b, 3.21c, 3.22, 3.23, 3.24, 3.25, 3.26
Versions 4.00, 4.0, 4.01, 4.02, 4.03, 4.04, 4.05, 4.06, 4.07, 4.08, 4.09
Versions 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.16, 4.17, 4.18, 4.19
Versions 4.20, 4.21, 4.22, 4.23, 4.24, 4.25, 4.26, 4.27, 4.28, 4.29
Versions 4.30, 4.31, 4.32, 4.33, 4.34, 4.35, 4.36, 4.37, 4.38, 4.39
Versions 4.40, 4.41, 4.42, 4.43, 4.44, 4.45, 4.46, 4.47, 4.48, 4.49
Versions 4.50, 4.51, 4.52, 4.53, 4.54, 4.55
No CISA KEV entry or CERT.AT warning was found for this CVE.
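EPSS metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.31% | 0.513 |

CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
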
CWE-332 Insufficient Entropy in PRNG

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.