Upstream information
Description
Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CNA (CISA-ADP) | |
|---|---|
| Base Score | 7.7 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | None |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2025:0123-1, published Wed Apr 16 22:50:06 2025
- openSUSE-SU-2025:14960-1, published Thu Apr 3 18:50:39 2025
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Package Hub 15 SP6 |
| Patchnames: openSUSE-2025-123 |
| openSUSE Leap 15.6 |
| Patchnames: openSUSE-2025-123 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-14960 |
SUSE Timeline for this CVE
CVE page created: Fri Mar 28 04:00:11 2025CVE page last modified: Tue May 13 12:29:46 2025