PT-2015-6827 · Gnu+2 · Gcc+2

Lee Clagett

Published

2015-10-07

Updated

2024-06-15

CVE-2015-5276

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions GNU Compiler Collection (GCC) versions prior to 4.9.4

Description The issue concerns the std::random device class in libstdc++ which does not handle short reads from blocking sources properly. This makes it easier for attackers to predict random values.

Recommendations For versions prior to 4.9.4, update to version 4.9.4 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2019-1174

CVE-2015-5276

MGASA-2015-0449

OPENSUSE-SU-2024:10542-1

SUSE-SU-2015:1833-1

SUSE-SU-2015_1833-1

SUSE-SU-2016:0908-2

SUSE-SU-2016:0963-1

SUSE-SU-2016_0908-2

SUSE-SU-2016_0963-1

SUSE-SU-2017:0379-1

SUSE-SU-2017:2235-1

SUSE-SU-2017_0379-1

SUSE-SU-2017_2235-1

Affected Products

Alt Linux

Gcc

Suse

PT-2015-6827 · Gnu+2 · Gcc+2

CVE-2015-5276

Weakness Enumeration

Related Identifiers

Affected Products

References · 112