CVE-2007-6755

SOURCE - nist

Summary

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.

EPSS Score⁠: 0.00614 (0.787)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-327⁠

Use of a Broken or Risky Cryptographic Algorithm

Sources (4)

Impacted images

debian

CREATED

11 years ago

UPDATED

25 days ago

SOURCE IDCVE-2007-6755⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/openssl	deb	debian	12	>=3.0.11-1~deb12u2	Not yet available
debian/openssl	deb	debian	unstable	>=3.2.1-3	Not yet available
debian/openssl	deb	debian	10	>=1.1.1n-0+deb10u3	Not yet available
debian/openssl	deb	debian	13	>=3.2.1-3	Not yet available
debian/openssl	deb	debian	11	>=1.1.1w-0+deb11u1	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

11 years ago

UPDATED

2 years ago

SOURCE IDCVE-2007-6755⁠

EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-327⁠

CVSS SCORE

5.8medium

ubuntu

CREATED

11 years ago

UPDATED

1 month ago

SOURCE IDCVE-2007-6755⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

redhat

CREATED

11 years ago

UPDATED

10 months ago

SOURCE IDCVE-2007-6755⁠

EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.8medium