CVE-2018-1000620

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000620

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000620.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000620

Aliases

GHSA-rq8g-5pc5-wrhr

Published

2018-07-09T20:29:00Z

Modified

2025-01-14T07:20:02.586917Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

References

Affected packages

Git / github.com/hapijs/cryptiles

Affected ranges

Type: GIT
Repo: https://github.com/hapijs/cryptiles
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2d626edfaf18a45b7105276704d453dac22f133f

Affected versions

v.*

v.0.0.2

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.2.0

v0.2.1

v0.2.2

v1.*

v1.0.0

v1.0.1

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.1.0

v3.1.1

v3.1.2