Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-2814

Опубликовано: 12 апр. 2025
Источник: redhat
CVSS3: 4.8

Описание

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable.  In that case, Crypt::CBC will fallback to use the insecure rand() function.

A flaw was found in Crypt::CBC. Affected versions of Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable.  In that case, Crypt::CBC will fall back to using the insecure rand() function.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7perl-Crypt-CBCOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-338
https://bugzilla.redhat.com/show_bug.cgi?id=2359259Crypt-CBC: Crypt::CBC versions between 1.21 and 3.04 for Perl may use insecure rand() function for cryptographic functions

4.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-2814

CVSS3: 4
ubuntu
10 месяцев назад

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to use the insecure rand() function.

nvd логотип

CVE-2025-2814

CVSS3: 4
nvd
10 месяцев назад

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable.  In that case, Crypt::CBC will fallback to use the insecure rand() function.

debian логотип

CVE-2025-2814

CVSS3: 4
debian
10 месяцев назад

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() ...

github логотип

GHSA-xpfq-7j72-x4px

CVSS3: 4
github
10 месяцев назад

Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable.  In that case, Crypt::CBC will fallback to use the insecure rand() function.

fstec логотип

BDU:2025-08560

CVSS3: 4
fstec
10 месяцев назад

Уязвимость функции rand() модуля Crypt::CBC языка программирования Perl, позволяющая нарушителю вызвать отказ в обслуживании

4.8 Medium

CVSS3