CVE-2017-2626 in FreeDesktop and Red Hat Products
Published on July 27, 2018
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
Weakness Type
Insufficient Entropy
The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Products Associated with CVE-2017-2626
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2017-2626 are published in these products:
Affected Versions
Xorg libICE Version 1.0.9-8 is affected by CVE-2017-2626Exploit Probability
EPSS
0.10%
Percentile
26.95%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.