CVE-2024-58040 | THREATINT

Description

Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.

PUBLISHED Reserved 2025-03-26 | Published 2025-09-29 | Updated 2025-09-30 | Assigner CPANSec

Problem types

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-331 Insufficient Entropy

Product status

Default status

unaffected

0.01

affected

Credits

Robert Rothenberg finder

References

metacpan.org/...on-0.01/source/lib/Crypt/RandomEncryption.pm

security.metacpan.org/...uides/random-data-for-security.html related

perldoc.perl.org/functions/rand related

cve.org (CVE-2024-58040)

nvd.nist.gov (CVE-2024-58040)

Download JSON

help @ threatint.eu