CVE DATABASE / CVE-2001-1141
CVE-2001-1141
CVSS 5 · MEDIUM
Summary
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
CVSS 2.0 breakdown
| Base score | 5 (MEDIUM) |
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | NONE |
| Availability | NONE |
Affected products
Openssl opensslSsleay ssleay
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
- http://www.linuxsecurity.com/advisories/other_advisory-1483.html
- http://www.osvdb.org/853
- http://www.redhat.com/support/errata/RHSA-2001-051.html
- http://www.securityfocus.com/advisories/3475
- http://www.securityfocus.com/archive/1/195829
- http://www.securityfocus.com/bid/3004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6823
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.