mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
97 lines
3.9 KiB
JSON
97 lines
3.9 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "secalert_us@oracle.com",
|
|
"ID": "CVE-2007-6755",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html",
|
|
"refsource": "MISC",
|
|
"url": "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html"
|
|
},
|
|
{
|
|
"name": "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/",
|
|
"refsource": "MISC",
|
|
"url": "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/"
|
|
},
|
|
{
|
|
"name": "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html",
|
|
"refsource": "MISC",
|
|
"url": "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html"
|
|
},
|
|
{
|
|
"name": "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html",
|
|
"refsource": "MISC",
|
|
"url": "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html"
|
|
},
|
|
{
|
|
"name": "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect",
|
|
"refsource": "MISC",
|
|
"url": "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect"
|
|
},
|
|
{
|
|
"name": "63657",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/63657"
|
|
},
|
|
{
|
|
"name": "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/",
|
|
"refsource": "MISC",
|
|
"url": "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/"
|
|
},
|
|
{
|
|
"name": "http://rump2007.cr.yp.to/15-shumow.pdf",
|
|
"refsource": "MISC",
|
|
"url": "http://rump2007.cr.yp.to/15-shumow.pdf"
|
|
}
|
|
]
|
|
}
|
|
} |