CVE-2013-7295

Published Jan 17, 2014

Last updated 11 years ago

CVSS info 4.0

Overview

Description: Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 4.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38E5B597-6BA7-4360-BA84-C8B2DD61C0FE",
            "versionEndIncluding": "0.2.4.19"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.1:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CDF07FC-69FD-439D-807F-01B70803C6C6"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.2:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8433119-07E6-47BD-B8E6-4E0BBB694811"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.3:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5EAA2B8-1923-4BB3-A685-E7B6275E9FD6"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.4:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A03FBE6-EC3D-4D24-9447-B75CE67F2737"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.5:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40221BB3-73E6-4E7D-8994-BFCC8C8C0EDE"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.6:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A1BFADB-776C-4522-9747-2BB094A5091F"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.7:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCE1D379-5374-4158-8310-96F2CA67ED61"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.8:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "160AC840-E501-4DE4-AF63-E5F987219F6C"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.9:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA548CBD-31C5-4261-91A5-0D1314B827F0"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.10:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3421BEF-A468-4947-8EA7-02BF500D511C"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.11:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15D0BE3B-F4A4-4E18-9D83-487AFB366BBB"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.12:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3DDD7F0-D041-40FF-919A-2C905A7E2238"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.13:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "088D58DE-5C4D-4E0C-8CF4-3A2109D3F4A2"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.14:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "082F51D5-5890-45A9-8EDA-0E0215C0EAEF"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.15:rc:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72C8D3FA-8B99-4A4D-BC62-FD50EF77CEC0"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.16:rc:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDFF7FEE-4B36-4B86-8BC2-64C9009B3D80"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.17:rc:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5A18B95-0EEB-403C-A9C1-E559DBC64E2E"
          },
          {
            "criteria": "cpe:2.3:a:torproject:tor:0.2.4.18:rc:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCFFA8A6-6D1A-4CFF-95A8-5FF2BE6287C4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References