Information disclosure in Gnu Gcc

CVE-2015-5276

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values…

Vulnerability class: Information Disclosure

EPSS: 0.029 (85.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2015-5276?
CVE-2015-5276 is a vulnerability in Gnu Gcc, classified under Information Disclosure. Published 2015-11-17.
Is CVE-2015-5276 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.