CVE-2024-45751: tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the...
0.0
CVSS
Description
tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.
Classification
CVE ID: CVE-2024-45751
CVSS Base Severity: LOW
CVSS Base Score: 0.0
Affected Products
Vendor: n/a
Product: n/a
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 17.81% (scored less or equal to compared to others)
EPSS Date: 2025-02-03 (when was this score calculated)
References
https://github.com/fujita/tgt/pull/67https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93
https://www.openwall.com/lists/oss-security/2024/09/07/2