Unrated severityNVD Advisory· Published Oct 10, 2011· Updated Apr 29, 2026

CVE-2011-3599

Description

The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.

Affected products

Adam Kennedy/Crypt Dsa11 versions
cpe:2.3:a:adam_kennedy:crypt-dsa:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:adam_kennedy:crypt-dsa:*:*:*:*:*:*:*:*range: <=1.17
- cpe:2.3:a:adam_kennedy:crypt-dsa:0.01:*:*:*:*:*:*:*
- cpe:2.3:a:adam_kennedy:crypt-dsa:0.02:*:*:*:*:*:*:*
- cpe:2.3:a:adam_kennedy:crypt-dsa:0.03:*:*:*:*:*:*:*
- cpe:2.3:a:adam_kennedy:crypt-dsa:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:adam_kennedy:crypt-dsa:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:adam_kennedy:crypt-dsa:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:adam_kennedy:crypt-dsa:0.13:*:*:*:*:*:*:*
- cpe:2.3:a:adam_kennedy:crypt-dsa:0.14:*:*:*:*:*:*:*
- cpe:2.3:a:adam_kennedy:crypt-dsa:0.15_01:*:*:*:*:*:*:*
- cpe:2.3:a:adam_kennedy:crypt-dsa:1.16:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2011/10/05/5nvdPatch
www.openwall.com/lists/oss-security/2011/10/05/9nvdPatch
bugzilla.redhat.com/show_bug.cginvdPatch
rt.cpan.org/Public/Bug/Display.htmlnvdPatch
secunia.com/advisories/46275nvdVendor Advisory
osvdb.org/76025nvd
www.securityfocus.com/bid/49928nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000