Home > Vulnerability Database > CVE-2024-45751

Mend.io Vulnerability Database

CVE-2024-45751

Date: September 5, 2024

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

Language: C

Severity Score

9.1

Related Resources (8)

Url: https://github.com/fujita/tgt/pull/67

Url: http://www.openwall.com/lists/oss-security/2024/09/07/2

Url: https://security-tracker.debian.org/tracker/CVE-2024-45751

Url: https://www.openwall.com/lists/oss-security/2024/09/07/2

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45751

Url: https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93

Url: https://lists.debian.org/debian-lts-announce/2024/11/msg00033.html

Url: https://www.mend.io/vulnerability-database/CVE-2024-45751

Severity Score

9.1

Weakness Type (CWE)

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-338

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45751

Date: September 5, 2024

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?