CVE-2015-5276

critical

Description

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.

References

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142

https://bugzilla.redhat.com/show_bug.cgi?id=1262846

http://www.securitytracker.com/id/1034375

http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html

http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html

Details

Source: Mitre, NVD

Published: 2015-11-17

Updated: 2019-02-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: Critical