Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2018-14647

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Published: Sep 25, 2018 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.3 MODERATE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2018-14647
CWEhttps://cwe.mitre.org/data/definitions/335.html

Pythons elementtree C accelerator failed to initialise Expats hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expats internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Weakness

The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

Affected Software

NameVendorStart VersionEnd Version
PythonPython2.7.0 (including)2.7.15 (including)
PythonPython3.4.0 (including)3.4.9 (including)
PythonPython3.5.0 (including)3.5.6 (including)
PythonPython3.6.0 (including)3.6.6 (including)
PythonPython3.7.0 (including)3.7.0 (including)
Red Hat Ansible Tower 3.4 for RHEL 7RedHatansible-tower-34/ansible-tower-memcached:1.4.15-28*
Red Hat Ansible Tower 3.4 for RHEL 7RedHatansible-tower-35/ansible-tower-memcached:1.4.15-28*
Red Hat Ansible Tower 3.4 for RHEL 7RedHatansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28*
Red Hat Enterprise Linux 7RedHatpython-0:2.7.5-86.el7*
Red Hat Enterprise Linux 7.4 Advanced Update SupportRedHatpython-0:2.7.5-63.el7_4*
Red Hat Enterprise Linux 7.4 Telco Extended Update SupportRedHatpython-0:2.7.5-63.el7_4*
Red Hat Enterprise Linux 7.4 Update Services for SAP SolutionsRedHatpython-0:2.7.5-63.el7_4*
Red Hat Enterprise Linux 7.5 Extended Update SupportRedHatpython-0:2.7.5-74.el7_5*
Red Hat Enterprise Linux 7.6 Extended Update SupportRedHatpython-0:2.7.5-83.el7_6*
Red Hat Software Collections for Red Hat Enterprise Linux 6RedHatpython27-python-0:2.7.16-4.el6*
Red Hat Software Collections for Red Hat Enterprise Linux 6RedHatpython27-python-jinja2-0:2.6-12.el6*
Red Hat Software Collections for Red Hat Enterprise Linux 6RedHatrh-python36-python-0:3.6.9-2.el6*
Red Hat Software Collections for Red Hat Enterprise Linux 7RedHatpython27-python-0:2.7.16-4.el7*
Red Hat Software Collections for Red Hat Enterprise Linux 7RedHatpython27-python-jinja2-0:2.6-15.el7*
Red Hat Software Collections for Red Hat Enterprise Linux 7RedHatrh-python36-python-0:3.6.9-2.el7*
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUSRedHatpython27-python-0:2.7.16-4.el7*
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUSRedHatpython27-python-jinja2-0:2.6-15.el7*
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUSRedHatpython27-python-0:2.7.16-4.el7*
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUSRedHatpython27-python-jinja2-0:2.6-15.el7*
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUSRedHatrh-python36-python-0:3.6.9-2.el7*
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUSRedHatpython27-python-0:2.7.16-4.el7*
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUSRedHatpython27-python-jinja2-0:2.6-15.el7*
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUSRedHatrh-python36-python-0:3.6.9-2.el7*
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUSRedHatrh-python36-python-0:3.6.9-2.el7*
Python2.7Ubuntubionic*
Python2.7Ubuntuesm-infra-legacy/trusty*
Python2.7Ubuntuesm-infra/bionic*
Python2.7Ubuntuesm-infra/xenial*
Python2.7Ubuntutrusty*
Python2.7Ubuntutrusty/esm*
Python2.7Ubuntuxenial*
Python3.4Ubuntuesm-infra-legacy/trusty*
Python3.4Ubuntutrusty*
Python3.4Ubuntutrusty/esm*
Python3.5Ubuntuesm-infra-legacy/trusty*
Python3.5Ubuntuesm-infra/xenial*
Python3.5Ubuntutrusty*
Python3.5Ubuntutrusty/esm*
Python3.5Ubuntuxenial*
Python3.6Ubuntubionic*
Python3.6Ubuntuesm-infra/bionic*
Python3.7Ubuntubionic*
Python3.7Ubuntuesm-apps/bionic*
Python3.7Ubuntuupstream*

Extended Description

	   PRNGs are deterministic and, while their output appears
	   random, they cannot actually create entropy. They rely on
	   cryptographically secure and unique seeds for entropy so
	   proper seeding is critical to the secure operation of the
	   PRNG.

	   Management of seeds could be broken down into two main areas:
	   

		 
		 
	   

		   PRNGs require a seed as input to generate a stream of
		   numbers that are functionally indistinguishable from
		   random numbers.  While the output is, in many cases,
		   sufficient for cryptographic uses, the output of any
		   PRNG is directly determined by the seed provided as
		   input. If the seed can be ascertained by a third party,
		   the entire output of the PRNG can be made known to
		   them. As such, the seed should be kept secret and
		   should ideally not be able to be guessed. For example,
		   the current time may be a poor seed. Knowing the
		   approximate time the PRNG was seeded greatly reduces
		   the possible key space.
		 

		   Seeds do not necessarily need to be unique, but reusing seeds may open up attacks if the seed is discovered.

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use