CVE-2017-2626

Summary

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Affected Software

VendorProductVersion RangeStatus
XorglibICE1.0.9-8affected

Weaknesses

  • CWE-331: CWE-331

ADP Enrichment

CVE Program Container

Additional References

References