Upstream information
Description
Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to use the insecure rand() function.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
| CNA (CISA-ADP) | |
|---|---|
| Base Score | 4 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Low |
| CVSSv3 Version | 3.1 |
No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Sun Apr 13 04:00:04 2025CVE page last modified: Fri Apr 25 15:16:26 2025