CVE-2016-6313

Sažetak

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

Reference

http://www.ubuntu.com/usn/USN-3065-1
http://www.ubuntu.com/usn/USN-3064-1
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
http://www.debian.org/security/2016/dsa-3649
http://www.debian.org/security/2016/dsa-3650
http://www.securityfocus.com/bid/92527
https://security.gentoo.org/glsa/201612-01
https://security.gentoo.org/glsa/201610-04
http://www.securitytracker.com/id/1036635
http://rhn.redhat.com/errata/RHSA-2016-2674.html
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:33

Objavljeno

13-12-2016 - 20:59