CVE-2025-2814

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-2814

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2814.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-2814

Related

UBUNTU-CVE-2025-2814

Published

2025-04-13T00:15:14Z

Modified

2025-04-15T20:42:02.637198Z

Summary

[none]

Details

Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to use the insecure rand() function.

References

Affected packages

Debian:11 / libcrypt-cbc-perl

Package

Name: libcrypt-cbc-perl
Purl: pkg:deb/debian/libcrypt-cbc-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.33-2

3.*

3.04-1

3.04-2

3.04-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / libcrypt-cbc-perl

Package

Name: libcrypt-cbc-perl
Purl: pkg:deb/debian/libcrypt-cbc-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.04-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / libcrypt-cbc-perl

Package

Name: libcrypt-cbc-perl
Purl: pkg:deb/debian/libcrypt-cbc-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.04-3

Ecosystem specific

{
    "urgency": "unimportant"
}