Netbsd
CVE-2021-45488
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
AnalysisAI
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-330. In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. Affected products include: Netbsd. Version information: through 9.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 thro
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attacke
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitra
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execut
An issue was discovered in the kernel in NetBSD 7.1. Rated medium severity (CVSS 5.3), this vulnerability is no authenti
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG. Rated high severity (
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures. Rated high seve
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. Rated high severity
Same weakness CWE-330 – Use of Insufficiently Random Values
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today