Nixpkgs security tracker
NIXPKGS-2026-2018
GitHub issue
published 6 hours ago
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes
Permalink
CVE-2026-11702
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes.
References
Affected products
Bytes-Random-Secure-Tiny
- =<1.011
Matching in nixpkgs
pkgs.perlPackages.BytesRandomSecureTiny
Tiny Perl extension to generate cryptographically-secure random bytes
pkgs.perl5Packages.BytesRandomSecureTiny
Tiny Perl extension to generate cryptographically-secure random bytes
pkgs.perl538Packages.BytesRandomSecureTiny
None
pkgs.perl540Packages.BytesRandomSecureTiny
None
Package maintainers
-
@stigtsp Stig Palmquist <stig@stig.io>