Main Vulnerability Database Vulnerabilities #VU28259

#VU28259 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Gnu Compiler Collection - CVE-2019-15847

Published: May 26, 2020

Vulnerability identifier: #VU28259

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-15847

CWE-ID: CWE-338

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Gnu Compiler Collection

Software vendor:
GNU

Description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to the POWER9 backend in GNU Compiler Collection (GCC) can optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This vulnerability may weaken security features that rely on random number generator.

Remediation

Install updates from vendor's website.

#VU28259 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Gnu Compiler Collection - CVE-2019-15847

Description

Remediation

External links

Please verify you're human