Home

CVE-2014-0016

Description

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.312

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in stunnel 3.3Windows
Multiple Vulnerabilities are affected in stunnel 3.4aWindows
Multiple Vulnerabilities are affected in stunnel 3.7Windows
Multiple Vulnerabilities are affected in stunnel 3.8Windows
Multiple Vulnerabilities are affected in stunnel 3.10Windows
Multiple Vulnerabilities are affected in stunnel 3.11Windows
Multiple Vulnerabilities are affected in stunnel 3.12Windows
Multiple Vulnerabilities are affected in stunnel 3.13Windows
Multiple Vulnerabilities are affected in stunnel 3.14Windows
Multiple Vulnerabilities are affected in stunnel 3.15Windows
Multiple Vulnerabilities are affected in stunnel 3.16Windows
Multiple Vulnerabilities are affected in stunnel 3.17Windows
Multiple Vulnerabilities are affected in stunnel 3.18Windows
Multiple Vulnerabilities are affected in stunnel 3.19Windows
Multiple Vulnerabilities are affected in stunnel 3.20Windows
Multiple Vulnerabilities are affected in stunnel 3.21Windows
Multiple Vulnerabilities are affected in stunnel 3.21aWindows
Multiple Vulnerabilities are affected in stunnel 3.21bWindows
Multiple Vulnerabilities are affected in stunnel 3.21cWindows
Multiple Vulnerabilities are affected in stunnel 3.22Windows
Multiple Vulnerabilities are affected in stunnel 3.24Windows
Multiple Vulnerabilities are affected in stunnel 3.9Windows
Multiple Vulnerabilities are affected in stunnel 4.04Windows
Vulnerabilities CVE-2003-0147,CVE-2003-0740,CVE-2008-2400,CVE-2014-0016 are affected in stunnel 4.0Windows
Vulnerabilities CVE-2003-0147,CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.01Windows
Vulnerabilities CVE-2003-0147,CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.02Windows
Vulnerabilities CVE-2003-0147,CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.03Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 0.1Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 1.0Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 1.1Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 1.2Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 1.3Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 1.4Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 1.5Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 1.6Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 2.0Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 2.1Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 3.0Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 3.0-b1Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 3.0-b2Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 3.0-b3Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 3.0-b4Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 3.0-b5Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 3.0-b6Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 3.0-b7Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 3.1Windows
Vulnerabilities CVE-2008-2400,CVE-2014-0016 are affected in stunnel 3.2Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.5Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.6Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.05Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.06Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.07Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.08Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.09Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.10Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.11Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.12Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.13Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.14Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.15Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.16Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.17Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.18Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.19Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.20Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.21Windows
Vulnerabilities CVE-2008-2400,CVE-2008-2420,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.22Windows
Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.23Windows
Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.25Windows
Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.26Windows
Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.8p1Windows
Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.8p2Windows
Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.8p3Windows
Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 3.8p4Windows
Vulnerabilities CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.00Windows
Vulnerabilities CVE-2008-2420,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.23Windows
Vulnerabilities CVE-2011-2940,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.40Windows
Vulnerabilities CVE-2011-2940,CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.41Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.24Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.25Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.26Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.27Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.28Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.29Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.30Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.31Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.32Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.33Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.34Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.35Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.36Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.37Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.38Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.39Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.42Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.43Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.44Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.45Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.46Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.47Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.48Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.49Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.50Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.51Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.52Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.53Windows
Vulnerabilities CVE-2013-1762,CVE-2014-0016 are affected in stunnel 4.54Windows
Vulnerabilities CVE-2014-0016 are affected in stunnel 4.55Windows
Vulnerabilities CVE-2014-0016 are affected in stunnel 4.56Windows
Insufficient Entropy in PRNG Vulnerability (CVE-2014-0016)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)
PATCH-348313stunnel (5.75)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234