1235 matches found
AZL-26871 CVE-2023-31147 affecting package grpc for versions less than 1.42.0-10
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
DEBIAN-CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
CVE-2023-31147 Insufficient randomness in generation of DNS query IDs in c-ares
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
CVE-2023-31147 Insufficient randomness in generation of DNS query IDs in c-ares
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
CVE-2023-2884
Use of Cryptographically Weak Pseudo-Random Number Generator PRNG, Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-2884 Insecure Randomness in CBOT's Chatbot
Use of Cryptographically Weak Pseudo-Random Number Generator PRNG, Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-2884 Insecure Randomness in CBOT's Chatbot
Use of Cryptographically Weak Pseudo-Random Number Generator PRNG, Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
GO-2023-1765 Leaked shared secret and weak blinding in github.com/cloudflare/circl
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
SUSE CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...
SUSE CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
Slackware: Security Advisory (SSA:2023-142-01)
The remote host is missing an update for the...
[slackware-security] c-ares
New c-ares packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/c-ares-1.19.1-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: 0-byte UDP payload causes Denial of Service...
CLSA-2023-1684277390 Fix CVE(s): CVE-2022-1012
Bionic update: upstream stable patchset 2022-09-12 LP: 1989374 // CVE-2022-1012 - tcp: use different parts of the port_offset for index and offset - tcp: add small random increments to the source port - tcp: dynamically allocate the perturb table used by source ports - tcp: increase source port...
Insecure Randomness
github.com/cloudflare/circl is vulnerable to Insecure Randomness. Kyber and FrodoKEM did not check whether crypto/rand.Read returned an error, leading to a predictable shared secret. The tkn20 and blindrsa components did not check if enough randomness was returned from the user provided randomnes...
GHSA-2Q89-485C-9J2X Improper random reading in CIRCL
Impact When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did...
Improper random reading in CIRCL
Impact When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did...
CVE-2023-1732
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
Design/Logic Flaw
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
CVE-2023-1732 Improper random reading in CIRCL
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
CVE-2023-1732
CVE-2023-1732 concerns CIRCL (Cloudflare’s Go cryptographic library) where the randomness sampling for Kyber and FrodoKEM did not verify that crypto/rand.Read() succeeded. In rare deployments, Read() could return an error, making the generated shared secret potentially predictable. Additional iss...