CVE-2013-7295
Published Jan 17, 2014
Last updated 11 years ago
Overview
- Description
- Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 4.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38E5B597-6BA7-4360-BA84-C8B2DD61C0FE",
"versionEndIncluding": "0.2.4.19"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.1:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0CDF07FC-69FD-439D-807F-01B70803C6C6"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.2:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8433119-07E6-47BD-B8E6-4E0BBB694811"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.3:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5EAA2B8-1923-4BB3-A685-E7B6275E9FD6"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.4:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A03FBE6-EC3D-4D24-9447-B75CE67F2737"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.5:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40221BB3-73E6-4E7D-8994-BFCC8C8C0EDE"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.6:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A1BFADB-776C-4522-9747-2BB094A5091F"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.7:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCE1D379-5374-4158-8310-96F2CA67ED61"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.8:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "160AC840-E501-4DE4-AF63-E5F987219F6C"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.9:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA548CBD-31C5-4261-91A5-0D1314B827F0"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.10:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3421BEF-A468-4947-8EA7-02BF500D511C"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.11:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15D0BE3B-F4A4-4E18-9D83-487AFB366BBB"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.12:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A3DDD7F0-D041-40FF-919A-2C905A7E2238"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.13:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "088D58DE-5C4D-4E0C-8CF4-3A2109D3F4A2"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.14:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "082F51D5-5890-45A9-8EDA-0E0215C0EAEF"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.15:rc:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72C8D3FA-8B99-4A4D-BC62-FD50EF77CEC0"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.16:rc:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDFF7FEE-4B36-4B86-8BC2-64C9009B3D80"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.17:rc:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5A18B95-0EEB-403C-A9C1-E559DBC64E2E"
},
{
"criteria": "cpe:2.3:a:torproject:tor:0.2.4.18:rc:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCFFA8A6-6D1A-4CFF-95A8-5FF2BE6287C4"
}
],
"operator": "OR"
}
]
}
]