rpm package
opensuse/perl-Crypt-SysRandom&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/perl-Crypt-SysRandom&distro=openSUSE%20Leap%2016.0
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-47372 | Cri | 9.1 | < 0.7.0-bp160.1.1 | 0.7.0-bp160.1.1 | May 20, 2026 | Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography. | |
| CVE-2026-47373 | Hig | 7.5 | < 0.7.0-bp160.1.1 | 0.7.0-bp160.1.1 | May 20, 2026 | Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash. |
- affected < 0.7.0-bp160.1.1fixed 0.7.0-bp160.1.1
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
- affected < 0.7.0-bp160.1.1fixed 0.7.0-bp160.1.1
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.