CVE-2025-1860

Опубликовано: 28 мар. 2025

Источник: debian

EPSS Низкий

Описание

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libdata-entropy-perl	fixed	0.008-1		package
libdata-entropy-perl	fixed	0.007-4+deb12u1	bookworm	package

Примечания

https://lists.security.metacpan.org/cve-announce/msg/28284586/
Fixed by: https://github.com/robrwo/Data-Entropy/commit/1293c1570507c37aedc5ad631f013170693a2ef4 (v0.008)

EPSS

Процентиль: 2%

0.00015

Низкий

Связанные уязвимости

CVE-2025-1860

CVSS3: 7.7

ubuntu

5 месяцев назад

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

CVE-2025-1860

CVSS3: 7.7

nvd

5 месяцев назад

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

openSUSE-SU-2025:0123-1

suse-cvrf

5 месяцев назад

Security update for perl-Data-Entropy

ROS-20250710-05

CVSS3: 7.7

redos

около 2 месяцев назад

Уязвимость Perl-Data-Entropy

GHSA-g3hm-j3wc-jcg9

CVSS3: 7.7

github

5 месяцев назад

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

EPSS

Процентиль: 2%

0.00015

Низкий