CVE-2024-57854
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator
CVSS Score
9.1
EPSS Score
0.0%
EPSS Percentile
0th
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.
| CWE | CWE-338 |
| Vendor | dougdude |
| Product | net::nsca::client |
| Published | Mar 5, 2026 |
| Last Updated | Mar 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for dougdude net::nsca::client
Be the first to know when new critical vulnerabilities affecting dougdude net::nsca::client are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
DOUGDUDE / Net::NSCA::Client
0 โค 0.009002
References
metacpan.org: https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119 patch-diff.githubusercontent.com: https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch openwall.com: http://www.openwall.com/lists/oss-security/2026/03/05/1
Credits
Robert Rothenberg