Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2018-14647

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Published: Sep 25, 2018 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.3 MODERATE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2018-14647
CWEhttps://cwe.mitre.org/data/definitions/335.html

Pythons elementtree C accelerator failed to initialise Expats hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expats internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Weakness

The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

Affected Software

Name Vendor Start Version End Version
Python Python 2.7.0 (including) 2.7.15 (including)
Python Python 3.4.0 (including) 3.4.9 (including)
Python Python 3.5.0 (including) 3.5.6 (including)
Python Python 3.6.0 (including) 3.6.6 (including)
Python Python 3.7.0 (including) 3.7.0 (including)
Red Hat Ansible Tower 3.4 for RHEL 7 RedHat ansible-tower-34/ansible-tower-memcached:1.4.15-28 *
Red Hat Ansible Tower 3.4 for RHEL 7 RedHat ansible-tower-35/ansible-tower-memcached:1.4.15-28 *
Red Hat Ansible Tower 3.4 for RHEL 7 RedHat ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28 *
Red Hat Enterprise Linux 7 RedHat python-0:2.7.5-86.el7 *
Red Hat Enterprise Linux 7.4 Advanced Update Support RedHat python-0:2.7.5-63.el7_4 *
Red Hat Enterprise Linux 7.4 Telco Extended Update Support RedHat python-0:2.7.5-63.el7_4 *
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions RedHat python-0:2.7.5-63.el7_4 *
Red Hat Enterprise Linux 7.5 Extended Update Support RedHat python-0:2.7.5-74.el7_5 *
Red Hat Enterprise Linux 7.6 Extended Update Support RedHat python-0:2.7.5-83.el7_6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat python27-python-0:2.7.16-4.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat python27-python-jinja2-0:2.6-12.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat rh-python36-python-0:3.6.9-2.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat python27-python-0:2.7.16-4.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat python27-python-jinja2-0:2.6-15.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-python36-python-0:3.6.9-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS RedHat python27-python-0:2.7.16-4.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS RedHat python27-python-jinja2-0:2.6-15.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS RedHat python27-python-0:2.7.16-4.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS RedHat python27-python-jinja2-0:2.6-15.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS RedHat rh-python36-python-0:3.6.9-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat python27-python-0:2.7.16-4.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat python27-python-jinja2-0:2.6-15.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat rh-python36-python-0:3.6.9-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-python36-python-0:3.6.9-2.el7 *
Python2.7 Ubuntu bionic *
Python2.7 Ubuntu trusty *
Python2.7 Ubuntu xenial *
Python3.4 Ubuntu trusty *
Python3.5 Ubuntu trusty *
Python3.5 Ubuntu trusty/esm *
Python3.5 Ubuntu xenial *
Python3.6 Ubuntu bionic *
Python3.7 Ubuntu bionic *
Python3.7 Ubuntu upstream *

Extended Description

	   PRNGs are deterministic and, while their output appears
	   random, they cannot actually create entropy. They rely on
	   cryptographically secure and unique seeds for entropy so
	   proper seeding is critical to the secure operation of the
	   PRNG.

	   Management of seeds could be broken down into two main areas:
	   

		 
		 
	   

		   PRNGs require a seed as input to generate a stream of
		   numbers that are functionally indistinguishable from
		   random numbers.  While the output is, in many cases,
		   sufficient for cryptographic uses, the output of any
		   PRNG is directly determined by the seed provided as
		   input. If the seed can be ascertained by a third party,
		   the entire output of the PRNG can be made known to
		   them. As such, the seed should be kept secret and
		   should ideally not be able to be guessed. For example,
		   the current time may be a poor seed. Knowing the
		   approximate time the PRNG was seeded greatly reduces
		   the possible key space.
		 

		   Seeds do not necessarily need to be unique, but reusing seeds may open up attacks if the seed is discovered.

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use