CVE-2001-1141
CVE-2001-1141 is a medium-severity vulnerability in Openssl with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 5% (91st percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Openssl
- Published:
- Last modified:
Description
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
Frequently asked questions
- What is CVE-2001-1141?
- The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
- How severe is CVE-2001-1141?
- CVE-2001-1141 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2001-1141 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 5% (91st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2001-1141?
- CVE-2001-1141 primarily affects Openssl. In total, 10 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2001-1141?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2001-1141 published?
- CVE-2001-1141 was published on 2001-07-10 and last updated on 2026-06-16.
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
- http://www.linuxsecurity.com/advisories/other_advisory-1483.html
- http://www.osvdb.org/853
- http://www.redhat.com/support/errata/RHSA-2001-051.html
- http://www.securityfocus.com/advisories/3475
- http://www.securityfocus.com/archive/1/195829
- http://www.securityfocus.com/bid/3004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6823
Affected products (10)
- cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
- cpe:2.3:a:ssleay:ssleay:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:ssleay:ssleay:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ssleay:ssleay:0.9.1:*:*:*:*:*:*:*
More vulnerabilities in Openssl
- CVE-2009-3245 — Critical (CVSS 10.0): OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c,…
- CVE-2006-3738 — Critical (CVSS 10.0): Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier…
- CVE-2026-31789 — Critical (CVSS 9.8): Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer…
- CVE-2022-2274 — Critical (CVSS 9.8): The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA…
- CVE-2021-3711 — Critical (CVSS 9.8): In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().…
- CVE-2016-6309 — Critical (CVSS 9.8): statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote…