CVE-2024-57854
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.
Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.
Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Productos afectados
DOUGDUDE · Net::NSCA::Client¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →