Vulnerabilities related to ZEFRAM - Data::Entropy
CVE-2025-1860
Vulnerability from cvelistv5
Published: 2025-03-28 00:56
Modified: 2025-04-02 22:03
Summary
Data::Entropy for Perl 0.007 and earlier uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
References
Impacted products
Vendor | Product | Version
---|---|---
ZEFRAM | Data::Entropy | Version: 0 < 0.008
{
  containers: {
    adp: [
      {
        providerMetadata: {
          dateUpdated: "2025-04-02T22:03:16.908Z",
          orgId: "af854a3a-2127-422b-91ae-364da2661108",
          shortName: "CVE",
        },
        references: [
          {
            url: "https://lists.debian.org/debian-lts-announce/2025/03/msg00026.html",
          },
        ],
        title: "CVE Program Container",
      },
    ],
    cna: {
      affected: [
        {
          collectionURL: "https://cpan.org/modules",
          defaultStatus: "unaffected",
          packageName: "Data-Entropy",
          product: "Data::Entropy",
          programFiles: [
            "lib/Data/Entropy.pm",
          ],
          vendor: "ZEFRAM",
          versions: [
            {
              lessThan: "0.008",
              status: "affected",
              version: "0",
              versionType: "custom",
            },
          ],
        },
      ],
      credits: [
        {
          lang: "en",
          type: "finder",
          value: "Robert Rothenberg (RRWO)",
        },
      ],
      descriptions: [
        {
          lang: "en",
          supportingMedia: [
            {
              base64: false,
              type: "text/html",
              value: "Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, <span style=\"background-color: rgb(255, 255, 255);\">which is not</span><span style=\"background-color: rgb(255, 255, 255);\"> cryptographically secure,</span> for cryptographic functions.<br><br><br>",
            },
          ],
          value: "Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.",
        },
      ],
      problemTypes: [
        {
          descriptions: [
            {
              cweId: "CWE-338",
              description: "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
              lang: "en",
              type: "CWE",
            },
          ],
        },
      ],
      providerMetadata: {
        dateUpdated: "2025-03-28T02:01:52.834Z",
        orgId: "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        shortName: "CPANSec",
      },
      references: [
        {
          url: "https://perldoc.perl.org/functions/rand",
        },
        {
          url: "https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80",
        },
      ],
      solutions: [
        {
          lang: "en",
          supportingMedia: [
            {
              base64: false,
              type: "text/html",
              value: "Version 0.008 was released to address the issue and this module has been marked as deprecated. \nUsers should upgrade and plan to migrate to a different module.",
            },
          ],
          value: "Version 0.008 was released to address the issue and this module has been marked as deprecated. Users should upgrade and plan to migrate to a different module.",
        },
      ],
      source: {
        discovery: "UNKNOWN",
      },
      title: "Data::Entropy for Perl uses insecure rand() function for cryptographic functions",
      x_generator: {
        engine: "Vulnogram 0.2.0",
      },
    },
  },
  cveMetadata: {
    assignerOrgId: "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    assignerShortName: "CPANSec",
    cveId: "CVE-2025-1860",
    datePublished: "2025-03-28T00:56:08.647Z",
    dateReserved: "2025-03-03T00:08:28.075Z",
    dateUpdated: "2025-04-02T22:03:16.908Z",
    state: "PUBLISHED",
  },
  dataType: "CVE_RECORD",
  dataVersion: "5.1",
}