CVE-2024-58041
Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions
CVSS Score
9.1
EPSS Score
0.0%
EPSS Percentile
0th
Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Smolder::DB::Developer uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.
| CWE | CWE-338 |
| Vendor | wonko |
| Product | smolder |
| Published | Feb 23, 2026 |
| Last Updated | Feb 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for wonko smolder
Be the first to know when new critical vulnerabilities affecting wonko smolder are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
WONKO / Smolder
0 โค 1.51
References
perldoc.perl.org: https://perldoc.perl.org/functions/rand security.metacpan.org: https://security.metacpan.org/docs/guides/random-data-for-security.html metacpan.org: https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537 metacpan.org: https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L5 metacpan.org: https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L221
Credits
Robert Rothenberg (RRWO)