rpm package
suse/perl-Crypt-URandom&distro=SUSE Linux Enterprise Server 12 SP5-LTSS
pkg:rpm/suse/perl-Crypt-URandom&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2474 | — | | | < 0.550.0-1.6.1 | 0.550.0-1.6.1 | Feb 16, 2026 | Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length |
| CVE-2025-40918 | Med | 6.5 | | < 0.540.0-1.3.1 | 0.540.0-1.3.1 | Jul 16, 2025 | Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch t |