CVE-2015-5276
GCC < 4.9.4 - Predictable Random Values via Short Reads in std::random_device
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
References (5)
Core References
Issue Tracking, Vendor Advisory (x_refsource_confirm)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142
Issue Tracking, Third Party Advisory (x_refsource_confirm)
https://bugzilla.redhat.com/show_bug.cgi?id=1262846
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_suse)
http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack)
http://www.securitytracker.com/id/1034375
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_suse)
http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html
Scores
EPSS: 0.0045
EPSS Percentile: 63.8%
Details
CWE: CWE-200
Status: published
Products (1): gnu/gcc < 4.9.4
Published: Nov 17, 2015
Tracked Since: Feb 18, 2026