How severe is CVE-2022-29245?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2022-29245?

This is classified as CWE-338, which is a common weakness in software security.

CVE-2022-29245

MEDIUM Year: 2022

CVSS v3 Score

5.9

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-338

View all →

Vulnerability Description

SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `[email protected]` key exchange algorithms.

CVE-2008-3280

MEDIUM

CVSS:5.9(Medium)

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the...

CWE-3382008

CVE-2018-12885

MEDIUM

CVSS:5.9(Medium)

The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a p...

CWE-3382018

CVE-2019-19794

MEDIUM

CVSS:5.9(Medium)

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to resp...

CWE-3382019

CVE-2020-10560

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserve...

CWE-3382020

CVE-2023-31290

MEDIUM

CVSS:5.9(Medium)

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March ...

CWE-3382023

CVE-2023-34363

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encrypti...

CWE-3382023

CVE-2022-29245

Vulnerability Description

Related Vulnerabilities

CVE-2008-3280

CVE-2018-12885

CVE-2019-19794

CVE-2020-10560

CVE-2023-31290

CVE-2023-34363