CVE-2015-5276

Published: 11/17/2015 Last updated: 8/6/2024 Reserved: 7/1/2015

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (20)

conf-aarch64-linux-gnu-gcc conf-blas conf-c++ conf-g++ conf-gcc conf-gfortran conf-lapack conf-libgccjit conf-mingw-w64-gcc-i686 conf-mingw-w64-gcc-x86_64 conf-mingw-w64-g++-i686 conf-mingw-w64-g++-x86_64 conf-x86_64-linux-gnu-gcc farmhash irrlicht lbfgs libbinaryen re2 solo5-cross-aarch64 taglib

Products affected (1)

Product	Vendor	Version
n/a	n/a	< 23f89fe005b105f0dcc55034c13eb89f9b570fac

References (20)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142
https://bugzilla.redhat.com/show_bug.cgi?id=1262846
http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html
http://www.securitytracker.com/id/1034375
http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142
https://bugzilla.redhat.com/show_bug.cgi?id=1262846
http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html
http://www.securitytracker.com/id/1034375
http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142
https://bugzilla.redhat.com/show_bug.cgi?id=1262846
http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html
http://www.securitytracker.com/id/1034375
http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142
https://bugzilla.redhat.com/show_bug.cgi?id=1262846
http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html
http://www.securitytracker.com/id/1034375
http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html