4

CVE-2017-11671

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGcc Version4.6
GnuGcc Version4.7
GnuGcc Version4.8
GnuGcc Version4.9
GnuGcc Version5.0
GnuGcc Version5.1
GnuGcc Version5.2
GnuGcc Version5.3
GnuGcc Version5.4
GnuGcc Version6.0
GnuGcc Version6.1
GnuGcc Version6.2
GnuGcc Version6.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.31
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 2.5 1.4
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

http://openwall.com/lists/oss-security/2017/07/27/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/100018
Third Party Advisory
VDB Entry