CVE-2024-56830

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.
PRNG
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
mitreCNA
5.4 MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Debian logo
Debian Releases
Debian Product
Codename
libnet-easytcp-perl
bullseye
vulnerable
bullseye (security)
0.26-6+deb11u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libnet-easytcp-perl
questing
dne
plucky
dne
oracular
ignored
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/briandfoy/cpan-security-advisory/issues/184
https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes
https://lists.debian.org/debian-lts-announce/2025/04/msg00015.html