Skip to main content

Net CVE-2024-57854

CRITICAL
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
2026-03-05 9b29abf9-4ab0-4765-b253-1875cd9b441e
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
Patch released
Mar 09, 2026 - 14:58 nvd
Patch available
CVE Published
Mar 05, 2026 - 03:15 nvd
CRITICAL 9.1

DescriptionCVE.org

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.

Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.

Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.

AnalysisAI

Weak PRNG in Net::NSCA::Client through 0.009002 for Perl. Patch available.

Technical ContextAI

CWE-338.

RemediationAI

Update.

More in Net

View all
CVE-2026-33811 HIGH POC
7.5 May 07

Memory corruption in Go's net library (versions <1.25.10 and 1.26.0-1.26.2) leads to application crash when parsing mali

CVE-2026-45491 MEDIUM POC
5.5 Jun 09

Local file tampering via symlink/junction following in Microsoft .NET runtimes 8.0, 9.0, and 10.0 allows a local unauthe

CVE-2026-11373 CRITICAL
9.1 Jun 22

Metric injection in the Perl module Net::Statsite::Client through version 1.1.0 allows attackers controlling metric name

CVE-2026-45591 HIGH
7.5 Jun 09

Remote denial of service in ASP.NET Core enables unauthenticated network attackers to exhaust server resources and disru

CVE-2026-45490 HIGH
7.8 Jun 09

Local privilege escalation in Microsoft .NET allows an authenticated low-privileged user to elevate to higher privileges

CVE-2025-26646 HIGH
8.0 May 13

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized att

CVE-2026-49941 HIGH
7.5 Jun 04

Denial of service in the Perl module Net::CIDR::Set through version 0.20 allows remote unauthenticated attackers to trig

CVE-2026-40198 HIGH
7.5 Apr 10

IPv6 address validation bypass in Net::CIDR::Lite for Perl (versions <0.23) allows remote attackers to circumvent IP acc

CVE-2026-57081 HIGH
7.5 Jun 30

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecod

CVE-2026-57080 HIGH
7.5 Jun 30

Remote memory exhaustion in the Net::BitTorrent Perl module (all versions through 2.0.1) lets any unauthenticated peer i

CVE-2026-45190 MEDIUM
6.5 May 10

Net::CIDR::Lite Perl module versions before 0.24 fail to properly validate IP address and CIDR mask inputs, allowing att

CVE-2026-8722 MEDIUM
6.5 Jun 03

Metric name injection in Net::Async::Statsd::Client (Perl, versions through 0.005) allows network-reachable, unauthentic

Share

CVE-2024-57854 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy