CVE-2018-1426

critical

Description

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.

References

Advisories
More

http://www.securitytracker.com/id/1041012

http://www.securityfocus.com/bid/105580

https://exchange.xforce.ibmcloud.com/vulnerabilities/139071

http://www.ibm.com/support/docview.wss?uid=swg22013756

Details

Source: Mitre, NVD

Published: 2018-03-22

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.0086