Weak Cryptographic Randomness in NetBSD's IPv6 Fragment ID Generation
CVE-2021-45484

CVSS score: 7.5 (HIGH)

Key Information:

Vendor: NetBSD
Status: Vendor
CVE Published: 25 December 2021

What is CVE-2021-45484?

NetBSD versions up to and including 9.2 are affected by a weakness in the IPv6 fragment ID generation algorithm: the fragment IDs are derived from a weak cryptographic pseudo-random number generator (PRNG). Because the PRNG output is not sufficiently unpredictable, an attacker may be able to predict the fragment IDs a host will use, which can enable denial-of-service or man-in-the-middle attacks against IPv6 fragmented traffic. Mitigation consists of upgrading to the latest NetBSD release and applying the secure configurations described in the NetBSD security advisories.

CVSS v3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved