CVE-2024-58036

Medium CVSS: 5.5

Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

Vendor

Norbu09

Product

Net\

CWE

CWE-331

Yayın Tarihi

2025-04-05 16:15:33

Güncelleme

2025-09-29 22:36:29

Source Identifier

9b29abf9-4ab0-4765-b253-1875cd9b441e

KEV Date Added

Kategoriler

CWE-331 .net MEDIUM Norbu09 2025

Referanslar

https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537 https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L11 https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L385 https://perldoc.perl.org/functions/rand https://security.metacpan.org/docs/guides/random-data-for-security.html

Benzer Kayıtlar

Critical

CVE-2024-57854

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to us…

Medium

CVE-2021-4456

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact.…

Medium

CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.…