← Retour aux CVEs
CVE-2014-0016
N/ADescription
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.
Details CVE
Score CVSS v3.1N/A
Publie3/24/2014
Derniere modification4/12/2025
Sourcenvd
Observations honeypot0
Produits affectes
stunnel:stunnel
Faiblesses (CWE)
CWE-332
References
http://www.openwall.com/lists/oss-security/2014/03/05/1(secalert@redhat.com)
http://www.securityfocus.com/bid/65964(secalert@redhat.com)
https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1072180(secalert@redhat.com)
https://www.stunnel.org/sdf_ChangeLog.html(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2014/03/05/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/65964(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1072180(af854a3a-2127-422b-91ae-364da2661108)
https://www.stunnel.org/sdf_ChangeLog.html(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.