Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-2814

4.0 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW

created 6 months ago

Crypt::CBC versions between 1.21 and 3.04 for Perl may use insecure rand() function for cryptographic functions

Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to use the insecure rand() function.

References

Affected products

Crypt-CBC

=<3.04
=<3.05

Matching in nixpkgs

pkgs.perlPackages.CryptCBC

Encrypt Data with Cipher Block Chaining Mode

nixos-unstable -
- nixpkgs-unstable 2.33

pkgs.perl538Packages.CryptCBC

Encrypt Data with Cipher Block Chaining Mode

nixos-unstable -
- nixpkgs-unstable 2.33

pkgs.perl540Packages.CryptCBC

Encrypt Data with Cipher Block Chaining Mode

nixos-unstable -
- nixpkgs-unstable 2.33

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.CryptCBC

pkgs.perl538Packages.CryptCBC

pkgs.perl540Packages.CryptCBC