Vulnerability Details CVE-2014-0016
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2014/03/05/1
- http://www.securityfocus.com/bid/65964
- https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff
- https://bugzilla.redhat.com/show_bug.cgi?id=1072180
- https://www.stunnel.org/sdf_ChangeLog.html
- http://www.openwall.com/lists/oss-security/2014/03/05/1
- http://www.securityfocus.com/bid/65964
- https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff
- https://bugzilla.redhat.com/show_bug.cgi?id=1072180
- https://www.stunnel.org/sdf_ChangeLog.html
Products affected by CVE-2014-0016
-
cpe:2.3:a:stunnel:stunnel:0.1
-
cpe:2.3:a:stunnel:stunnel:1.0
-
cpe:2.3:a:stunnel:stunnel:1.1
-
cpe:2.3:a:stunnel:stunnel:1.2
-
cpe:2.3:a:stunnel:stunnel:1.3
-
cpe:2.3:a:stunnel:stunnel:1.4
-
cpe:2.3:a:stunnel:stunnel:1.5
-
cpe:2.3:a:stunnel:stunnel:1.6
-
cpe:2.3:a:stunnel:stunnel:2.0
-
cpe:2.3:a:stunnel:stunnel:2.1
-
cpe:2.3:a:stunnel:stunnel:3.0
-
cpe:2.3:a:stunnel:stunnel:3.1
-
cpe:2.3:a:stunnel:stunnel:3.10
-
cpe:2.3:a:stunnel:stunnel:3.11
-
cpe:2.3:a:stunnel:stunnel:3.12
-
cpe:2.3:a:stunnel:stunnel:3.13
-
cpe:2.3:a:stunnel:stunnel:3.14
-
cpe:2.3:a:stunnel:stunnel:3.15
-
cpe:2.3:a:stunnel:stunnel:3.16
-
cpe:2.3:a:stunnel:stunnel:3.17
-
cpe:2.3:a:stunnel:stunnel:3.18
-
cpe:2.3:a:stunnel:stunnel:3.19
-
cpe:2.3:a:stunnel:stunnel:3.2
-
cpe:2.3:a:stunnel:stunnel:3.20
-
cpe:2.3:a:stunnel:stunnel:3.21
-
cpe:2.3:a:stunnel:stunnel:3.21a
-
cpe:2.3:a:stunnel:stunnel:3.21b
-
cpe:2.3:a:stunnel:stunnel:3.21c
-
cpe:2.3:a:stunnel:stunnel:3.22
-
cpe:2.3:a:stunnel:stunnel:3.23
-
cpe:2.3:a:stunnel:stunnel:3.24
-
cpe:2.3:a:stunnel:stunnel:3.25
-
cpe:2.3:a:stunnel:stunnel:3.26
-
cpe:2.3:a:stunnel:stunnel:3.3
-
cpe:2.3:a:stunnel:stunnel:3.4a
-
cpe:2.3:a:stunnel:stunnel:3.5
-
cpe:2.3:a:stunnel:stunnel:3.6
-
cpe:2.3:a:stunnel:stunnel:3.7
-
cpe:2.3:a:stunnel:stunnel:3.8
-
cpe:2.3:a:stunnel:stunnel:3.8p1
-
cpe:2.3:a:stunnel:stunnel:3.8p2
-
cpe:2.3:a:stunnel:stunnel:3.8p3
-
cpe:2.3:a:stunnel:stunnel:3.8p4
-
cpe:2.3:a:stunnel:stunnel:3.9
-
cpe:2.3:a:stunnel:stunnel:4.0
-
cpe:2.3:a:stunnel:stunnel:4.00
-
cpe:2.3:a:stunnel:stunnel:4.01
-
cpe:2.3:a:stunnel:stunnel:4.02
-
cpe:2.3:a:stunnel:stunnel:4.03
-
cpe:2.3:a:stunnel:stunnel:4.04
-
cpe:2.3:a:stunnel:stunnel:4.05
-
cpe:2.3:a:stunnel:stunnel:4.06
-
cpe:2.3:a:stunnel:stunnel:4.07
-
cpe:2.3:a:stunnel:stunnel:4.08
-
cpe:2.3:a:stunnel:stunnel:4.09
-
cpe:2.3:a:stunnel:stunnel:4.10
-
cpe:2.3:a:stunnel:stunnel:4.11
-
cpe:2.3:a:stunnel:stunnel:4.12
-
cpe:2.3:a:stunnel:stunnel:4.13
-
cpe:2.3:a:stunnel:stunnel:4.14
-
cpe:2.3:a:stunnel:stunnel:4.15
-
cpe:2.3:a:stunnel:stunnel:4.16
-
cpe:2.3:a:stunnel:stunnel:4.17
-
cpe:2.3:a:stunnel:stunnel:4.18
-
cpe:2.3:a:stunnel:stunnel:4.19
-
cpe:2.3:a:stunnel:stunnel:4.20
-
cpe:2.3:a:stunnel:stunnel:4.21
-
cpe:2.3:a:stunnel:stunnel:4.22
-
cpe:2.3:a:stunnel:stunnel:4.23
-
cpe:2.3:a:stunnel:stunnel:4.24
-
cpe:2.3:a:stunnel:stunnel:4.25
-
cpe:2.3:a:stunnel:stunnel:4.26
-
cpe:2.3:a:stunnel:stunnel:4.27
-
cpe:2.3:a:stunnel:stunnel:4.28
-
cpe:2.3:a:stunnel:stunnel:4.29
-
cpe:2.3:a:stunnel:stunnel:4.30
-
cpe:2.3:a:stunnel:stunnel:4.31
-
cpe:2.3:a:stunnel:stunnel:4.32
-
cpe:2.3:a:stunnel:stunnel:4.33
-
cpe:2.3:a:stunnel:stunnel:4.34
-
cpe:2.3:a:stunnel:stunnel:4.35
-
cpe:2.3:a:stunnel:stunnel:4.36
-
cpe:2.3:a:stunnel:stunnel:4.37
-
cpe:2.3:a:stunnel:stunnel:4.38
-
cpe:2.3:a:stunnel:stunnel:4.39
-
cpe:2.3:a:stunnel:stunnel:4.40
-
cpe:2.3:a:stunnel:stunnel:4.41
-
cpe:2.3:a:stunnel:stunnel:4.42
-
cpe:2.3:a:stunnel:stunnel:4.43
-
cpe:2.3:a:stunnel:stunnel:4.44
-
cpe:2.3:a:stunnel:stunnel:4.45
-
cpe:2.3:a:stunnel:stunnel:4.46
-
cpe:2.3:a:stunnel:stunnel:4.47
-
cpe:2.3:a:stunnel:stunnel:4.48
-
cpe:2.3:a:stunnel:stunnel:4.49
-
cpe:2.3:a:stunnel:stunnel:4.50
-
cpe:2.3:a:stunnel:stunnel:4.51
-
cpe:2.3:a:stunnel:stunnel:4.52
-
cpe:2.3:a:stunnel:stunnel:4.53
-
cpe:2.3:a:stunnel:stunnel:4.54
-
cpe:2.3:a:stunnel:stunnel:4.55
-
cpe:2.3:a:stunnel:stunnel:4.56