CVE-2014-0016
published 2014-03-24


Priority: P422, medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
EPSS: 2.15% (79.9th percentile)

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.

Affected

103 ranges · showing 25

Vendor    Product    Version range    Fixed in
debian    stunnel4
stunnel   stunnel    <= 4.56

CVSS provenance

nvd             v2.0   4.3   MEDIUM   AV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_debian          4.3   LOW
vendor_redhat          4.3   MEDIUM