CVE-2017-9371
2.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| BlackBerry | QNX Software Development Platform (QNX SDP) | 6.6.0 | affected |
| BlackBerry | QNX Software Development Platform (QNX SDP) | 6.5.0 SP1 and earlier | affected |
Weaknesses
- Loss of integrity vulnerability
- CWE-332: CWE-332 Insufficient Entropy in PRNG
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.