CVE-2024-45751

MEDIUM

tgt <1.0.93 - Info Disclosure

Title source: llm

Description

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

References (5)

[Various Sources] https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/11/msg00033.html

[Mailing List] https://www.openwall.com/lists/oss-security/2024/09/07/2

[Issue Tracking] https://github.com/fujita/tgt/pull/67

[Mailing List] http://www.openwall.com/lists/oss-security/2024/09/07/2

Scores

CVSS v3 5.9

EPSS 0.0031

EPSS Percentile 54.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-338

Status published

Published Sep 06, 2024

Tracked Since Feb 18, 2026