CVE-2013-7373
Android < 4.4 - Exposure of Sensitive Information via OpenSSL PRNG Seeding
Title source: llmDescription
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
References (5)
Core 5
Core References
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=openssl-dev&m=130298304903422&w=2
Various Sources x_refsource_misc
http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
Various Sources x_refsource_confirm
http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html
Various Sources x_refsource_misc
http://www.reddit.com/r/Android/comments/1k6f03/due_to_a_serious_encryptionrng_flaw_in_android/cblvum5
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=openssl-dev&m=130289811108150&w=2
Scores
EPSS
0.0114
EPSS Percentile
62.9%
Details
CWE
CWE-200
Status
published
Products (38)
google/android
1.0
google/android
1.1
google/android
1.5
google/android
1.6
google/android
2.0
google/android
2.0.1
google/android
2.1
google/android
2.2 (2 CPE variants)
google/android
2.2.1
google/android
2.2.2
... and 28 more
Published
Apr 29, 2014
Tracked Since
Feb 18, 2026