Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-3538

Good to know:

icon

Date: June 2, 2021

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker. Converted from WS-2018-0594, on 2021-06-28.

Language: Go

Severity Score

Related Resources (11)

https://github.com/hpcng/sif/security/advisories/GHSA-33m6-q9v5-62r7
https://bugzilla.redhat.com/show_bug.cgi?id=1954376
https://nvd.nist.gov/vuln/detail/CVE-2021-3538
https://github.com/satori/go.uuid/issues/73
https://github.com/satori/go.uuid/pull/75
https://github.com/satori/go.uuid
https://github.com/satori/go.uuid/commit/75cca531ea763666bc46e531da3b4c3b95f64557
https://pkg.go.dev/vuln/GO-2022-0244
https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45
https://github.com/apptainer/sif/security/advisories/GHSA-33m6-q9v5-62r7
https://www.mend.io/vulnerability-database/CVE-2021-3538

Severity Score

Weakness Type (CWE)

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-338

Top Fix

icon

Upgrade Version

Upgrade to version github.com/satori/go.uuid - v1.2.1-0.20180404165556-75cca531ea76

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us