CVE-2017-11671

MEDIUM Year: 2017
CVSS v3 Score
4.0
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-338
View all →

Vulnerability Description

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.

Related Vulnerabilities

CVE-2025-27551

MEDIUM
CVSS:4.0(Medium)

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Dige...

CWE-3382025

CVE-2025-27552

MEDIUM
CVSS:4.0(Medium)

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This...

CWE-3382025

CVE-2025-2814

MEDIUM
CVSS:4.0(Medium)

Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects ...

CWE-3382025

CVE-2019-11808

LOW
CVSS:3.7(Low)

Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start...

CWE-3382019

CVE-2021-3047

LOW
CVSS:3.1(Low)

A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability...

CWE-3382021

CVE-2025-46653

LOW
CVSS:3.1(Low)

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographica...

CWE-3382025