CVE-2024-45751: Insecure Rand Memory Population
Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | C | β
`greprules fetch cve-2024-45751-insecure-rand-memory-population --engine opengrep`

Description
Detects use of the insecure `rand()` function to populate an array or the memory behind a pointer. `rand()` is deterministic and not cryptographically secure: its output sequence is fully determined by the seed. When the populated buffer serves as an authentication challenge, session ID, or cryptographic key, this can lead to prediction or replay attacks. Use a CSPRNG such as `getrandom()` instead.
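An added example, not code from the rule or from any affected project: the flagged pattern beside a `getrandom()` replacement that handles interrupted and short reads. The function names, the 16-byte challenge size and the seed value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>   /* getrandom(): Linux, glibc 2.25+ */
#include <sys/types.h>

/* Flagged pattern: every byte comes from rand(), so the whole buffer is
 * determined by the seed given to srand(). */
static void fill_weak(unsigned char *buf, size_t len, unsigned seed) {
    srand(seed);
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)rand();
}

/* Hardened form: fill from the kernel CSPRNG, retrying on EINTR and
 * continuing after short reads. Returns 0 on success, -1 on failure. */
static int fill_strong(unsigned char *buf, size_t len) {
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;
        off += (size_t)n;
    }
    return 0;
}

/* 1 if a second party who knows the seed rebuilds the same 16-byte challenge. */
static int weak_is_reproducible(unsigned seed) {
    unsigned char issued[16], guessed[16];
    fill_weak(issued, sizeof issued, seed);
    fill_weak(guessed, sizeof guessed, seed);
    return memcmp(issued, guessed, sizeof issued) == 0;
}

/* 1 if two CSPRNG challenges differ, -1 if getrandom() failed. */
static int strong_differ(void) {
    unsigned char a[16], b[16];
    if (fill_strong(a, sizeof a) || fill_strong(b, sizeof b)) return -1;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void) {
    /* 1700000000 is a constructed seed, standing in for a time()-based one. */
    printf("weak reproducible: %d\n", weak_is_reproducible(1700000000u));
    printf("strong differ: %d\n", strong_differ());
    return 0;
}
```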