Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36157

PRNG not cryptographically strong on GCC before 5.5

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None
    • Developer Tools
    • ALL

    Description

      Upgrading GCC to version 5.5 fixes a security flaw with PRNG.

      CVSS 2.1

      https://www.cvedetails.com/cve/CVE-2017-11671/

      "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. "

      Attachments

        Activity

          People

            backlog-server-devtools DO NOT USE - Backlog - Dev Tools
            davi.ottenheimer Davi Ottenheimer
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: