CVE-2021-3538

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1954376	Issue Tracking Third Party Advisory
https://github.com/satori/go.uuid/issues/73	Third Party Advisory
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:satori:uuid:-:*:*:*:*:go:*:*

History

11 Oct 2024, 15:23

Type	Values Removed	Values Added
First Time		Satori uuid Satori
CPE	cpe:2.3:a:go.uuid_project:go.uuid::::::::	cpe:2.3:a:satori:uuid:-:::::go::

Information

Published : 2021-06-02 14:15

Updated : 2024-10-11 15:23

NVD link : CVE-2021-3538

Mitre link : CVE-2021-3538

CVE.ORG link : CVE-2021-3538

JSON object : View

Products Affected

satori

uuid

CWE

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

{"id": "CVE-2021-3538", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-06-02T14:15:09.993", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954376", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/satori/go.uuid/issues/73", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-338"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-338"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker."}, {"lang": "es", "value": "Se ha encontrado un fallo en github.com/satori/go.uuid en las versiones desde el commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c hasta d91630c8510268e75203009fe7daf2b8e1d60c45. Debido a una aleatoriedad no segura en la funci\u00f3n g.rand.Read los UUIDs generados son predecibles para un atacante"}], "lastModified": "2024-10-11T15:23:06.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:satori:uuid:-:*:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "AB02B571-6BC5-4D0E-AC19-46AEB20E5B0A"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}