CVE-2025-0577

{"id": "CVE-2025-0577", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}]}, "published": "2026-02-18T21:16:20.010", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-0577", "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338871", "source": "patrick@puiterwijk.org"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-331"}]}], "descriptions": [{"lang": "en", "value": "An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de entrop\u00eda insuficiente en glibc. La familia de funciones getrandom y arc4random puede devolver aleatoriedad predecible si estas funciones se vuelven a llamar despu\u00e9s del fork, lo que ocurre concurrentemente con una llamada a cualquiera de estas funciones."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "patrick@puiterwijk.org"}