Vulnerability Description
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Gcc | < 4.9.4 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.htmlMailing ListThird Party Advisory
- http://www.securitytracker.com/id/1034375Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1262846Issue TrackingThird Party Advisory
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142Issue TrackingVendor Advisory
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.htmlMailing ListThird Party Advisory
- http://www.securitytracker.com/id/1034375Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1262846Issue TrackingThird Party Advisory
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142Issue TrackingVendor Advisory
FAQ
What is CVE-2015-5276?
CVE-2015-5276 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent ...
How severe is CVE-2015-5276?
CVE-2015-5276 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5276?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gcc.