Vulnerabilities > CVE-2012-6124 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Call-Cc Chicken

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

call-cc

CWE-338

NVD

Published: 2019-10-31

Updated: 2019-11-06

Summary

A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)."

Vulnerable Configurations

Part	Description	Count
Application	Call-Cc Call CC Chicken -	1

Common Weakness Enumeration (CWE)

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

References

http://www.openwall.com/lists/oss-security/2013/02/08/2
https://access.redhat.com/security/cve/cve-2012-6124
https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html
https://security-tracker.debian.org/tracker/CVE-2012-6124