CVE-2008-0299

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:P/I:N/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
python_software_foundationparamiko
1.7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
paramiko
bullseye
2.7.2-1
fixed
etch
no-dsa
bookworm
2.12.0-2
fixed
sid
3.4.1-2
fixed
trixie
3.4.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
paramiko
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
ignored
gutsy
ignored
feisty
ignored
edgy
ignored
dapper
ignored