How severe is CVE-2019-1549?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2019-1549?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2019-1549 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).

Related Vulnerabilities

CVE-2010-3666

MEDIUM

CVSS:5.3(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.

CWE-3302010

CVE-2015-9019

MEDIUM

CVSS:5.3(Medium)

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

CWE-3302015

CVE-2017-1000246

MEDIUM

CVSS:5.3(Medium)

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

CWE-3302017

CVE-2017-13087

MEDIUM

CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing...

CWE-3302017

CVE-2017-16028

MEDIUM

CVSS:5.3(Medium)

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).

CWE-3302017

CVE-2019-1010025

MEDIUM

CVSS:5.3(Medium)

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass...

CWE-3302019