CVE-2015-5276

medium

Description

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.

References

http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html

http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html

http://www.securitytracker.com/id/1034375

https://bugzilla.redhat.com/show_bug.cgi?id=1262846

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142

Details

Source: MITRE

Published: 2015-11-17

Updated: 2019-02-12

Type: CWE-200

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM