CVE-2013-7295

2014-01-1721:55:14

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

55.4%

JSON

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.

Affected configurations

Nvd

Node

torprojecttorRange≤0.2.4.19

torprojecttorMatch0.2.4.1alpha

torprojecttorMatch0.2.4.2alpha

torprojecttorMatch0.2.4.3alpha

torprojecttorMatch0.2.4.4alpha

torprojecttorMatch0.2.4.5alpha

torprojecttorMatch0.2.4.6alpha

torprojecttorMatch0.2.4.7alpha

torprojecttorMatch0.2.4.8alpha

torprojecttorMatch0.2.4.9alpha

torprojecttorMatch0.2.4.10alpha

torprojecttorMatch0.2.4.11alpha

torprojecttorMatch0.2.4.12alpha

torprojecttorMatch0.2.4.13alpha

torprojecttorMatch0.2.4.14alpha

torprojecttorMatch0.2.4.15rc

torprojecttorMatch0.2.4.16rc

torprojecttorMatch0.2.4.17rc

torprojecttorMatch0.2.4.18rc

VendorProductVersionCPE
torprojecttor*cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*
torprojecttor0.2.4.1cpe:2.3:a:torproject:tor:0.2.4.1:alpha:*:*:*:*:*:*
torprojecttor0.2.4.2cpe:2.3:a:torproject:tor:0.2.4.2:alpha:*:*:*:*:*:*
torprojecttor0.2.4.3cpe:2.3:a:torproject:tor:0.2.4.3:alpha:*:*:*:*:*:*
torprojecttor0.2.4.4cpe:2.3:a:torproject:tor:0.2.4.4:alpha:*:*:*:*:*:*
torprojecttor0.2.4.5cpe:2.3:a:torproject:tor:0.2.4.5:alpha:*:*:*:*:*:*
torprojecttor0.2.4.6cpe:2.3:a:torproject:tor:0.2.4.6:alpha:*:*:*:*:*:*
torprojecttor0.2.4.7cpe:2.3:a:torproject:tor:0.2.4.7:alpha:*:*:*:*:*:*
torprojecttor0.2.4.8cpe:2.3:a:torproject:tor:0.2.4.8:alpha:*:*:*:*:*:*
torprojecttor0.2.4.9cpe:2.3:a:torproject:tor:0.2.4.9:alpha:*:*:*:*:*:*

Vendor	Product	Version	CPE
torproject	tor	*	cpe:2.3:a:torproject:tor::::::::
torproject	tor	0.2.4.1	cpe:2.3:a:torproject:tor:0.2.4.1:alpha::::::
torproject	tor	0.2.4.2	cpe:2.3:a:torproject:tor:0.2.4.2:alpha::::::
torproject	tor	0.2.4.3	cpe:2.3:a:torproject:tor:0.2.4.3:alpha::::::
torproject	tor	0.2.4.4	cpe:2.3:a:torproject:tor:0.2.4.4:alpha::::::
torproject	tor	0.2.4.5	cpe:2.3:a:torproject:tor:0.2.4.5:alpha::::::
torproject	tor	0.2.4.6	cpe:2.3:a:torproject:tor:0.2.4.6:alpha::::::
torproject	tor	0.2.4.7	cpe:2.3:a:torproject:tor:0.2.4.7:alpha::::::
torproject	tor	0.2.4.8	cpe:2.3:a:torproject:tor:0.2.4.8:alpha::::::
torproject	tor	0.2.4.9	cpe:2.3:a:torproject:tor:0.2.4.9:alpha::::::