20 matches found
CVE-2025-0577
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...
CVE-2025-0577
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...
Fedora 41 : glibc (2024-846e191001)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-846e191001 advisory. This update addresses a security vulnerability in the getrandom and arc4random implementation (CVE-2024-12455) on POWER systems (ppc64le). Other architectures a...
Medium: c-ares
Issue Overview: Insufficient randomness in generation of DNS query IDs When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from th...
AZL-26874 CVE-2023-31147 affecting package nodejs for versions less than 16.20.1-2
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
Updated libice packages fix security vulnerability
libICE depends on arc4random to generate the session cookies, thereby using a weak mechanism to generate entropy (CVE-2017-2626)...
SUSE SLES11 Security Update : xorg-x11-server (SUSE-SU-2017:1741-1)
This update for xorg-x11-server fixes the following issues: Security issues: - CVE-2017-2624: Prevent timing attack against MIT cookie (bsc#1025029, CVE-2017-2624). Non-security issues: - Use arc4random to generate cookies (bsc#1025084). - XDrawArc performance improvement (bsc#1019649). - Fix byte swappi...
FreeBSD - FGPE Stack Clash (PoC) Exploit
Exploit for freebsd/x86 platform in category dos / poc / FreeBSDCVE-2017-FGPE.c for CVE-2017-1084 (please compile with -O0). Copyright (C) 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Fre...
FreeBSD - FGPE Stack Clash (PoC)
FreeBSD - FGPE Stack Clash PoC / FreeBSDCVE-2017-FGPE.c for CVE-2017-1084 (please compile with -O0). Copyright (C) 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation,...
SUSE SLED12 / SLES12 Security Update : xorg-x11-server (SUSE-SU-2017:1675-1)
This update for xorg-x11-server provides the following fixes: - Remove unused function with use-after-free issue (bsc#1025035). - Use arc4random to generate cookies (bsc#1025084). - Prevent timing attack against MIT cookie (bsc#1025029, CVE-2017-2624). - XDrawArc performance improvement (bsc#1019649). -...
CVE-2008-5162
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various...
CVE-2008-5162
The CVE-2008-5162 entry concerns the FreeBSD kernel arc4random(9) and its entropy source during the first minutes after boot. Technical details across connected docs show: affected software is FreeBSD 6.3–7.1 kernels; problem is insufficient entropy immediately after boot, delaying reseeding from Yarrow an...
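FreeBSD arc4random(9) pseudo-random number generator insufficiency vulnerability
BUGTRAQ ID: 32447 CVECAN ID: CVE-2008-5162 FreeBSD is a freely usable, open-source Unix-like system that runs on Intel platforms. The arc4random(9) random number generator is used widely in the FreeBSD kernel, and some applications rely on its cryptographic strength. arc4random(9) is periodically reseeded with entropy from the FreeBSD kernel's Yarrow random number generator, which gathers entropy from a variety of sources including hardware interrupts. During the boot stage, additional entropy is supplied to the Yarrow random number generator from userland to ensure there is enough entropy for cryptographic use....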
PT-2008-6306 · Freebsd · Freebsd
Name of the Vulnerable Software and Affected Versions: FreeBSD versions 6.3 through 7.1 Description: The issue is related to the arc4random function in the kernel, which lacks a proper entropy source for a short time period immediately after boot. This makes it easier for attackers to predict the...
FreeBSD arc4random cryptographic weakness
In the first 5 minutes after system start, the generated pseudo-random sequences are weak...
FreeBSD Security Advisory FreeBSD-SA-08:11.arc4random
FreeBSD-SA-08:11.arc4random Security Advisory The FreeBSD Project Topic: arc4random(9) predictable sequence vulnerability Category: core Module: sys Announced: 2008-11-24...
FreeBSD-SA-08:11.arc4random
FreeBSD-SA-08:11.arc4random Security Advisory The FreeBSD Project Topic: arc4random(9) predictable sequence vulnerability Category: core Module: sys Announced: 2008-11-24...
FreeBSD Security Advisory (FreeBSD-SA-08:11.arc4random.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-08:11.arc4random.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders...
FreeBSD Security Advisory (FreeBSD-SA-08:11.arc4random.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-08:11.arc4random.asc ADV FreeBSD-SA-08:11.arc4random.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-08:11.arc4random.asc Authors: Thomas Reinke Copyright:...
FreeBSD -- arc4random(9) predictable sequence vulnerability
Problem Description: When the arc4random(9) random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random(9); and it may take up to 5 minutes before arc4random(9) is reseeded with secure entropy from the Yarrow random number...