Skip to main content

Net CVE-2024-58036

MEDIUM
Insufficient Entropy (CWE-331)
2025-04-05 9b29abf9-4ab0-4765-b253-1875cd9b441e
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Patch released
Apr 02, 2026 - 20:30 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 18:35 vuln.today
CVE Published
Apr 05, 2025 - 16:15 nvd
MEDIUM 5.5

DescriptionCVE.org

Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

AnalysisAI

Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-331. Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function. Affected products include: Norbu09 Net\.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Net

View all
CVE-2026-33811 HIGH POC
7.5 May 07

Memory corruption in Go's net library (versions <1.25.10 and 1.26.0-1.26.2) leads to application crash when parsing mali

CVE-2018-17848 HIGH POC
7.5 Oct 01

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "

CVE-2018-17847 HIGH POC
7.5 Oct 01

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading

CVE-2018-17143 HIGH POC
7.5 Sep 17

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a

CVE-2018-17142 HIGH POC
7.5 Sep 17

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "pani

CVE-2018-17075 HIGH POC
7.5 Sep 16

The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic:

CVE-2026-45491 MEDIUM POC
5.5 Jun 09

Local file tampering via symlink/junction following in Microsoft .NET runtimes 8.0, 9.0, and 10.0 allows a local unauthe

CVE-2024-43498 CRITICAL
9.8 Nov 12

.NET and Visual Studio Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2023-36049 CRITICAL
9.8 Nov 14

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this v

CVE-2024-57854 CRITICAL
9.1 Mar 05

Weak PRNG in Net::NSCA::Client through 0.009002 for Perl. Patch available.

CVE-2026-11373 CRITICAL
9.1 Jun 22

Metric injection in the Perl module Net::Statsite::Client through version 1.1.0 allows attackers controlling metric name

CVE-2026-45591 HIGH
7.5 Jun 09

Remote denial of service in ASP.NET Core enables unauthenticated network attackers to exhaust server resources and disru

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2024-58036 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy