Weak Cryptographic PRNG in NetBSD Affects IPv6 Flow Label Generation
CVE-2021-45489

7.5 HIGH

Key Information:

Vendor: NetBSD
CVE Published: 25 December 2021

What is CVE-2021-45489?

In the NetBSD operating system up to and including version 9.2, the algorithm that generates IPv6 Flow Labels relies on a cryptographically weak pseudo-random number generator (PRNG). Because the generator's output is not strong enough to be unpredictable, an attacker may be able to predict or manipulate the IPv6 Flow Label values a host produces. Affected users should review the vendor security advisory and apply the available patches.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
