CVE-2023-45236: Predictable Tcp Isn
Predictable TCP Initial Sequence Number (ISN) generation detected. Generate ISNs using a cryptographically secure pseudo-random number generator (CSPRNG) or a secure hash that incorporates connection parameters and a secret key, as recommended by RFC 9293. Incrementing a variable to compute the ISN makes it predictable, rendering the stack susceptible to TCP
Cβgreprules fetch cve-2023-45236-predictable-tcp-isn --engine opengrepDescription
Predictable TCP Initial Sequence Number (ISN) generation detected. Generate ISNs using a cryptographically secure pseudo-random number generator (CSPRNG) or a secure hash that incorporates connection parameters and a secret key, as recommended by RFC 9293. Incrementing a variable to compute the ISN makes it predictable, rendering the stack susceptible to TCP
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0