Vulnerability Description
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 3.11.4 |
| Fedoraproject | Fedora | 18 |
| Redhat | Enterprise Linux | 5 |
| Redhat | Enterprise Mrg | 2.0 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2Patch
- http://rhn.redhat.com/errata/RHSA-2013-1449.html
- http://rhn.redhat.com/errata/RHSA-2013-1490.html
- http://rhn.redhat.com/errata/RHSA-2013-1645.html
- http://www.securityfocus.com/bid/62740
- http://www.ubuntu.com/usn/USN-2064-1
- http://www.ubuntu.com/usn/USN-2065-1
- http://www.ubuntu.com/usn/USN-2068-1
- http://www.ubuntu.com/usn/USN-2070-1
- http://www.ubuntu.com/usn/USN-2071-1
- http://www.ubuntu.com/usn/USN-2072-1
- http://www.ubuntu.com/usn/USN-2074-1
- http://www.ubuntu.com/usn/USN-2075-1
- http://www.ubuntu.com/usn/USN-2076-1
- http://www.ubuntu.com/usn/USN-2109-1
FAQ
What is CVE-2013-4345?
CVE-2013-4345 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms ...
How severe is CVE-2013-4345?
CVE-2013-4345 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4345?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Redhat Enterprise Linux, Redhat Enterprise Mrg.