Vulnerability Description
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | <= 4.3.1 |
Related Weaknesses (CWE)
References
- http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.htm
- http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
- http://marc.info/?l=openssl-dev&m=130289811108150&w=2
- http://marc.info/?l=openssl-dev&m=130298304903422&w=2
- http://www.reddit.com/r/Android/comments/1k6f03/due_to_a_serious_encryptionrng_f
- http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.htm
- http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
- http://marc.info/?l=openssl-dev&m=130289811108150&w=2
- http://marc.info/?l=openssl-dev&m=130298304903422&w=2
- http://www.reddit.com/r/Android/comments/1k6f03/due_to_a_serious_encryptionrng_f
FAQ
What is CVE-2013-7373?
CVE-2013-7373 is a vulnerability with a CVSS score of 7.5 (HIGH). Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within mul...
How severe is CVE-2013-7373?
CVE-2013-7373 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7373?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.