CVE-2025-22376

Опубликовано: 03 янв. 2025

Источник: redhat

CVSS3: 4.8

Описание

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.

Отчет

This vulnerability doesn't affect any supported Red Hat product.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-338

https://bugzilla.redhat.com/show_bug.cgi?id=2335488perl-Net-OAuth: Default nonce for Net::OAuth package for perl is not cryptographically strong

4.8 Medium

CVSS3

Связанные уязвимости

CVE-2025-22376

CVSS3: 5.3

ubuntu

12 месяцев назад

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.

CVE-2025-22376

CVSS3: 5.3

nvd

12 месяцев назад

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.

CVE-2025-22376

CVSS3: 5.3

debian

12 месяцев назад

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, ...

GHSA-w287-9q69-3hx9

CVSS3: 9.8

github

12 месяцев назад

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.

4.8 Medium

CVSS3