OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).

Published : 2019-09-10 17:15 Updated : 2019-09-19 17:15

CVSS Score More info
Score 5.0 / 10
Vendor Product Version URI
Openssl Openssl 1.1.1 cpe:/a:openssl:openssl:1.1.1
Openssl Openssl 1.1.1 cpe:/a:openssl:openssl:1.1.1:pre1
Openssl Openssl 1.1.1 cpe:/a:openssl:openssl:1.1.1:pre2
Openssl Openssl 1.1.1 cpe:/a:openssl:openssl:1.1.1:pre3
Openssl Openssl 1.1.1 cpe:/a:openssl:openssl:1.1.1:pre4
Openssl Openssl 1.1.1 cpe:/a:openssl:openssl:1.1.1:pre5
Openssl Openssl 1.1.1 cpe:/a:openssl:openssl:1.1.1:pre6
Openssl Openssl 1.1.1 cpe:/a:openssl:openssl:1.1.1:pre7
Openssl Openssl 1.1.1 cpe:/a:openssl:openssl:1.1.1:pre8
Openssl Openssl 1.1.1 cpe:/a:openssl:openssl:1.1.1:pre9
Openssl Openssl 1.1.1a cpe:/a:openssl:openssl:1.1.1a
Openssl Openssl 1.1.1b cpe:/a:openssl:openssl:1.1.1b
Openssl Openssl 1.1.1c cpe:/a:openssl:openssl:1.1.1c
  1. Openssl (1) Search CVE
    1. Openssl (4) Search CVE
      1. 1.1.1
      2. 1.1.1a
      3. 1.1.1b
      4. 1.1.1c


ID Name Description Links
CWE-330 Use of Insufficiently Random Values The software may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. CVE

History of changes

Date Event
2019-09-19 17:15
2019-09-12 15:03
2019-09-10 17:35