VDB
CVE-2024-45751
CVE-2024-45751
PUBLISHED
CVSS 5.900000095367432 MEDIUM
tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.
EPSS 0.31% · 54.6th percentile
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.31%
54.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Exploit Intelligence
- CIRCL seen: CVE-2024-45751 (circl-sighting)
- CIRCL seen: CVE-2024-45751 (circl-sighting)
- CIRCL seen: CVE-2024-45751 (circl-sighting)
- http://www.openwall.com/lists/oss-security/2024/09/07/2 (circl)
- https://lists.debian.org/debian-lts-announce/2024/11/msg00033.html (circl)
- https://github.com/fujita/tgt/pull/67 (circl)
- https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93 (circl)
- https://www.openwall.com/lists/oss-security/2024/09/07/2 (circl)
Timeline
- Jan 20, 1970 Fix PR Merged
- Sep 6, 2024 CVE Published
- Sep 6, 2024 EPSS Score
- Sep 26, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 16, 2024 EPSS Score
- Nov 5, 2024 EPSS Score
- Nov 25, 2024 EPSS Score
- Nov 30, 2024 CVE Updated
- Dec 16, 2024 EPSS Score
- Jan 5, 2025 EPSS Score
- Jan 25, 2025 EPSS Score
References
- https://github.com/fujita/tgt/pull/67 url
- https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93 url
- https://www.openwall.com/lists/oss-security/2024/09/07/2 url
- http://www.openwall.com/lists/oss-security/2024/09/07/2 url
- https://lists.debian.org/debian-lts-announce/2024/11/msg00033.html url
- https://nvd.nist.gov/vuln/detail/CVE-2024-45751 advisory