CVE-2013-4345: Off-by-one Error in Kernel

Severity: 5.8 MEDIUM (NVD)
EPSS: 1.1% (top 22.38%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 10
Latest update: May 13

Description

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (3 packages)

Debian: linux/linux_kernel < 3.11.5-1 (+3)
NVD: linux/linux_kernel 3.11.4 (+226)
NVD: redhat/enterprise_mrg 5 versions (+4)

Also affects: Enterprise Linux 5, 6.0, Fedora 18, 19

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-3pw5-42hr-wxmc: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng (2022-05-13)
CVEList: CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng (2013-10-10)
OSV: CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng (2013-10-10)

📋 Vendor Advisories (12)

Ubuntu: Linux kernel (Raring HWE) vulnerabilities (2014-04-01)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2014-02-18)
Ubuntu: Linux kernel vulnerabilities (2014-02-18)
Ubuntu: Linux kernel (Saucy HWE) vulnerabilities (2014-01-03)
Ubuntu: Linux kernel vulnerabilities (2014-01-03)

💬 Community (2)

Bugzilla: CVE-2013-4345 kernel: ansi_cprng: off by one error in non-block size request [fedora-all] (2013-09-17)
Bugzilla: CVE-2013-4345 kernel: ansi_cprng: off by one error in non-block size request (2013-09-13)