PT-2025-15064 · Web::Api+2

Robert Rothenberg · Published 2025-04-05 · Updated 2025-11-13 · CVE-2024-57868

CVSS v3.1: 5.5 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions
Web::API versions 2.8 and earlier

Description
The issue concerns the use of a source of entropy that is not cryptographically secure for cryptographic functions. Specifically, Web::API uses the Data::Random library, which relies on the rand() function. Data::Random is intended for use in test programs, so it is not adequate for secure cryptographic operations.

Recommendations
For Web::API versions 2.8 and earlier, consider updating to a version that uses a cryptographically secure source of entropy for its cryptographic functions. As a temporary workaround, consider disabling the use of the Data::Random library until a secure alternative is implemented. Restrict access to cryptographic functions that rely on the rand() function to minimize the risk of exploitation.
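
An added illustration of the weakness described above, not code from Web::API or Data::Random: a token built on Perl's rand() is fully determined by the srand() seed, while one drawn from the operating system's CSPRNG is not. The helper names, the seed value and the /dev/urandom path (Unix-like systems) are assumptions of this example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

my @ALPHABET = ('A'..'Z', 'a'..'z', '0'..'9');

# Weak: every character comes from rand(), so the whole token is a
# function of the srand() seed. (Hypothetical helper, for illustration.)
sub weak_token {
    my ($len) = @_;
    return join '', map { $ALPHABET[ int rand @ALPHABET ] } 1 .. $len;
}

# Stronger: draw bytes from the kernel CSPRNG. Rejection sampling avoids
# modulo bias. Assumes a Unix-like system with /dev/urandom.
sub secure_token {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $limit = 256 - (256 % @ALPHABET);   # largest multiple of 62 below 256
    my $token = '';
    while (length($token) < $len) {
        my $got = read($fh, my $byte, 1);
        die "short read from /dev/urandom" unless $got;
        my $n = ord $byte;
        next if $n >= $limit;               # reject values that would bias the result
        $token .= $ALPHABET[ $n % @ALPHABET ];
    }
    close $fh;
    return $token;
}

# Same seed, same "random" token: anyone who learns or guesses the seed
# can reproduce it.
srand(12345);                 # constructed seed
my $first = weak_token(32);
srand(12345);
my $second = weak_token(32);
print "rand() token 1:  $first\n";
print "rand() token 2:  $second\n";
print "identical: ", ($first eq $second ? "yes" : "no"), "\n";

# CSPRNG output is unaffected by srand().
srand(12345);
print "urandom token 1: ", secure_token(32), "\n";
srand(12345);
print "urandom token 2: ", secure_token(32), "\n";
```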

Related Identifiers

CVE-2024-57868

Affected Products

Data::Random
Debian
Web::Api