Net
CVE-2024-57854
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.
Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.
Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.
AnalysisAI
Weak PRNG in Net::NSCA::Client through 0.009002 for Perl. Patch available.
Technical ContextAI
CWE-338.
RemediationAI
Update.
Memory corruption in Go's net library (versions <1.25.10 and 1.26.0-1.26.2) leads to application crash when parsing mali
Local file tampering via symlink/junction following in Microsoft .NET runtimes 8.0, 9.0, and 10.0 allows a local unauthe
Metric injection in the Perl module Net::Statsite::Client through version 1.1.0 allows attackers controlling metric name
Remote denial of service in ASP.NET Core enables unauthenticated network attackers to exhaust server resources and disru
Local privilege escalation in Microsoft .NET allows an authenticated low-privileged user to elevate to higher privileges
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized att
Denial of service in the Perl module Net::CIDR::Set through version 0.20 allows remote unauthenticated attackers to trig
IPv6 address validation bypass in Net::CIDR::Lite for Perl (versions <0.23) allows remote attackers to circumvent IP acc
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecod
Remote memory exhaustion in the Net::BitTorrent Perl module (all versions through 2.0.1) lets any unauthenticated peer i
Net::CIDR::Lite Perl module versions before 0.24 fail to properly validate IP address and CIDR mask inputs, allowing att
Metric name injection in Net::Async::Statsd::Client (Perl, versions through 0.005) allows network-reachable, unauthentic
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today