CVE-2014-0017

 

  • Severity Score: 1.9 (CVSS v2)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)
Descriptions

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2013-12-03 CVE Reserved
  • 2014-03-12 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-310: Cryptographic Issues
CAPEC
Affected Vendors, Products, and Versions
Vendor   Product   Version    Other   Status
Libssh   Libssh    <= 0.6.2   -       Affected
Libssh   Libssh    0.4.7      -       Affected
Libssh   Libssh    0.4.8      -       Affected
Libssh   Libssh    0.5.0      -       Affected
Libssh   Libssh    0.5.0      rc1     Affected
Libssh   Libssh    0.5.1      -       Affected
Libssh   Libssh    0.5.2      -       Affected
Libssh   Libssh    0.5.3      -       Affected
Libssh   Libssh    0.5.4      -       Affected
Libssh   Libssh    0.5.5      -       Affected
Libssh   Libssh    0.6.0      -       Affected
Libssh   Libssh    0.6.1      -       Affected