Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-2814

Опубликовано: 12 апр. 2025
Источник: redhat
CVSS3: 4.8
EPSS Низкий

Описание

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable.  In that case, Crypt::CBC will fallback to use the insecure rand() function.

A flaw was found in Crypt::CBC. Affected versions of Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable.  In that case, Crypt::CBC will fall back to using the insecure rand() function.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7perl-Crypt-CBCOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-338
https://bugzilla.redhat.com/show_bug.cgi?id=2359259Crypt-CBC: Crypt::CBC versions between 1.21 and 3.04 for Perl may use insecure rand() function for cryptographic functions

EPSS

Процентиль: 5%
0.00024
Низкий

4.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-2814

CVSS3: 4
ubuntu
5 месяцев назад

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to use the insecure rand() function.

nvd логотип

CVE-2025-2814

CVSS3: 4
nvd
5 месяцев назад

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable.  In that case, Crypt::CBC will fallback to use the insecure rand() function.

debian логотип

CVE-2025-2814

CVSS3: 4
debian
5 месяцев назад

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() ...

redos логотип

ROS-20250630-11

redos
3 месяца назад

Уязвимость perl-Crypt-CBC

github логотип

GHSA-xpfq-7j72-x4px

CVSS3: 4
github
5 месяцев назад

Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable.  In that case, Crypt::CBC will fallback to use the insecure rand() function.

EPSS

Процентиль: 5%
0.00024
Низкий

4.8 Medium

CVSS3