Information Exposure in gcc-4.9

Do your applications use this vulnerable package? Test your applications

Overview

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.

References

CONFIRM
Debian Security Tracker
OpenSuse Security Update
OpenSuse Security Update
RedHat Bugzilla Bug
Security Tracker
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

Low
Integrity

None
Availability

None

CVE: CVE-2015-5276
CWE: CWE-200
Snyk ID: SNYK-DEBIAN8-GCC49-309186
Disclosed: 17 Nov, 2015
Published: 17 Nov, 2015

Information Exposure
Affecting gcc-4.9 package, versions *

Overview

References

CVSS Score

Information Exposure Affecting gcc-4.9 package, versions *

Overview

References

Information Exposure
Affecting gcc-4.9 package, versions *