Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
CVE-2018-1426
Summary
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.
References
Advisory Timeline
- Published