PT-2025-15067 · Unknown+1 · Net::Dropbox::Api+2
Robert Rothenberg · Published 2025-04-05 · Updated 2025-09-29
CVE-2024-58036
CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Net::Dropbox::API versions 1.9 and earlier
Description
The issue concerns the use of a non-cryptographically secure source of entropy for cryptographic functions. Specifically, Net::Dropbox::API uses the Data::Random library, which relies on the rand() function and is considered suitable mostly for test programs. This weakness can lead to cryptographically weak random number generation.
Recommendations
For Net::Dropbox::API versions 1.9 and earlier, consider updating to a version that uses a cryptographically secure source of entropy for its cryptographic functions. As a temporary workaround, consider disabling the use of the Data::Random library until a secure alternative is implemented. Restrict access to cryptographic functions that rely on the rand() function to minimize the risk of exploitation.
Fix
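The weakness described above, shown as an added Perl example; it is not code from Net::Dropbox::API or Data::Random, and it is not the project's fix. The 16-character alphanumeric token, the function names `weak_token` and `secure_token`, and the seed value are assumptions chosen for illustration, and the hardened version assumes a Unix-like system that provides `/dev/urandom`.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Token alphabet: 62 symbols (assumed for illustration).
my @ALPHABET = ('A'..'Z', 'a'..'z', '0'..'9');

# Weak pattern: every character is picked with Perl's built-in rand(),
# the kind of source the advisory describes for Data::Random.
sub weak_token {
    my ($len) = @_;
    return join '', map { $ALPHABET[ int rand @ALPHABET ] } 1 .. $len;
}

# Hardened pattern: bytes come from the kernel CSPRNG. Rejection sampling
# drops bytes >= 248 (the largest multiple of 62 that fits in a byte) so
# that every symbol is equally likely.
sub secure_token {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $limit = 256 - (256 % @ALPHABET);
    my $out   = '';
    while (length($out) < $len) {
        my $got = read($fh, my $buf, 64);
        die "short read from /dev/urandom" unless $got;
        for my $byte (unpack 'C*', $buf) {
            next if $byte >= $limit;
            $out .= $ALPHABET[ $byte % @ALPHABET ];
            last if length($out) == $len;
        }
    }
    close $fh;
    return $out;
}

# rand() output is fully determined by its seed: reseeding with the same
# (constructed) value replays the same token.
srand(1234); my $first  = weak_token(16);
srand(1234); my $second = weak_token(16);
print "weak, seed 1234: $first\n";
print "weak, replayed:  $second\n";
print "identical:       ", ($first eq $second ? "yes" : "no"), "\n";

# The CSPRNG-backed version does not depend on srand().
srand(1234); print "secure: ", secure_token(16), "\n";
srand(1234); print "secure: ", secure_token(16), "\n";
```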
Related Identifiers
Affected Products
Data::Random
Debian
Net::Dropbox::Api