CVE-2014-4192
Published Jun 17, 2014
Last updated 3 years ago
Overview
- Description
- The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Evaluator
- Comment
- As with CVE-2007-6755 this vulnerability has been scored with the assumption the relationship between P and Q is known to the attacker. Please see CVE-2007-6755 [link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6755] more information.
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:bsafe_share:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3E53F40-415C-4793-94D3-A4F51734C199"
}
],
"operator": "OR"
}
]
}
]