VYPR

rpm package

suse/perl-Crypt-URandom&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

pkg:rpm/suse/perl-Crypt-URandom&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Vulnerabilities (2)

  • CVE-2026-2474Feb 16, 2026
    affected < 0.550.0-1.6.1fixed 0.550.0-1.6.1

    Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length

  • CVE-2025-40918MedJul 16, 2025
    affected < 0.540.0-1.3.1fixed 0.540.0-1.3.1

    Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch t