Crypt
CVE-2024-58040
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.
AnalysisAI
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-331. Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. Affected products include: Qwer Crypt\. Version information: version 0.01.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Perl Crypt::NaCl::Sodium module through 2.002 has potential integer overflows in cryptographic operations that could wea
Integer overflow in Crypt::NaCl::Sodium Perl module through version 2.001 on 32-bit systems. The Sodium.xs binding casts
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_
Heap buffer overflow in Crypt::SysRandom::XS before version 0.010 allows denial of service through negative length param
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuff
Weak salt generation in Crypt::PasswdMD5 (Perl) through version 1.42 enables password hash cracking via predictable rand
Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength
File overwrite and information disclosure in Crypt::DSA through version 1.19 for Perl expose systems where user-controll
Heap out-of-bounds read in Crypt::Argon2 for Perl (versions 0.017 through 0.030) exposes applications to process crash o
Crypt::PBKDF2 for Perl prior to version 0.261630 ships with critically weak password-hashing defaults - HMAC-SHA1 as the
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, lead
Same weakness CWE-331 – Insufficient Entropy
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today