Description
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
References (10)
Core 10
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3004
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_freebsd
http://www.securityfocus.com/advisories/3475
Vendor Advisory vendor-advisory
x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6823
Various Sources vendor-advisory
x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
Vendor Advisory vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/195829
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2001-051.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/853
Various Sources vendor-advisory
x_refsource_engarde
http://www.linuxsecurity.com/advisories/other_advisory-1483.html
Scores
EPSS
0.0137
EPSS Percentile
80.4%
Details
Status
published
Products (10)
openssl/openssl
0.9.1c
openssl/openssl
0.9.2b
openssl/openssl
0.9.3
openssl/openssl
0.9.4
openssl/openssl
0.9.5
openssl/openssl
0.9.6
openssl/openssl
0.9.6a
ssleay/ssleay
0.8.1
ssleay/ssleay
0.9
ssleay/ssleay
0.9.1
Published
Jul 10, 2001
Tracked Since
Feb 18, 2026