Approved changes feed: RSS · Atom
cpe:2.3:a:perl:crypt::random:*:*:*:*:*:*:*:*
part: a version: update: random
| Vendor | Perl (1e08d0ea-f6e4-5b5b-a347-b9704b70f1d2) |
|---|---|
| Product | Crypt (0125f689-1265-5cb6-9586-31f9ba3422d8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-1828 |
vulnerable | 2026-06-03 14:59:06.633615 |
Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions
Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions.
If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider.
In particular, Windows versions of perl will encounter this issue by default.
Published: 2025-03-10T23:51:33.279Z
Updated: 2025-09-09T13:56:40.704Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.