cbcvebase.
CVE-2008-1147
published 2008-03-04


Priority: P429 | medium | 6.8 | CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.77% (75.4th percentile)

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.

Affected

24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cosmicperl | directory_pro | | |
| darwin | darwin | | |
| darwin | darwin | | |
| msrc | microsoft_net_framework_2.0_service_pack_2 | | |
| msrc | microsoft_net_framework_3.0_service_pack_2 | | |
| msrc | microsoft_net_framework_3.5 | | |
| msrc | microsoft_net_framework_3.5.1 | | |
| msrc | microsoft_net_framework_3.5_and_4.6.2_4.7_4.7.1_4.7.2 | | |
| msrc | microsoft_net_framework_3.5_and_4.6_4.6.1_4.6.2 | | |
| msrc | microsoft_net_framework_3.5_and_4.7.1_4.7.2 | | |
| msrc | microsoft_net_framework_3.5_and_4.7.2 | | |
| msrc | microsoft_net_framework_3.5_and_4.8 | | |
| msrc | microsoft_net_framework_4.5.2 | | |
| msrc | microsoft_net_framework_4.6 | | |
| msrc | microsoft_net_framework_4.6_4.6.1_4.6.2_4.7_4.7.1_4.7.2 | | |
| msrc | microsoft_net_framework_4.8 | | |
| msrc | microsoft_sharepoint_enterprise_server_2013_service_pack_1 | | |
| msrc | microsoft_sharepoint_enterprise_server_2016 | | |
| msrc | microsoft_sharepoint_server_2010_service_pack_2 | | |
| msrc | microsoft_sharepoint_server_2019 | | |
| msrc | microsoft_visual_studio_2017_version_15.9 | | |
| msrc | net_core_2.1 | | |
| msrc | net_core_3.1 | | |
| navision | financials_server | | |

CVSS provenance

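| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_msrc | | 7.8 | CRITICAL | |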