CVE-2008-0299

CVE Database · CVE-2008-0299

CVE-2008-0299

· N/AModified

CVSS v3.1

N/A

EPSS

1.62%

Published

Jan 16, 2008

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

Affected Products (1)

python_software_foundation · paramikovulnerable

References (20)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706

http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch

Exploit

http://secunia.com/advisories/28488

http://secunia.com/advisories/28510

http://secunia.com/advisories/29168

http://security.gentoo.org/glsa/glsa-200803-07.xml

http://www.lag.net/pipermail/paramiko/2008-January/000599.html

http://www.securityfocus.com/bid/27307

https://bugzilla.redhat.com/show_bug.cgi?id=428727

https://exchange.xforce.ibmcloud.com/vulnerabilities/39749

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html

KEV Catalog EPSS Scores Vendors All CVEs