2355634 – (CVE-2025-1860) CVE-2025-1860 Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions

Bug 2355634 (CVE-2025-1860) - CVE-2025-1860 Data-Entropy: Data::Entropy for Perl uses insecure rand() function for cryptographic functions

Summary: CVE-2025-1860 Data-Entropy: Data::Entropy for Perl uses insecure rand() funct...

Keywords:
Status:	NEW
Alias:	CVE-2025-1860
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2355706 2355707 2355708 2355709
Blocks:
TreeView+	depends on / blocked

Reported:	2025-03-28 02:01 UTC by OSIDB Bzimport
Modified:	2025-03-28 09:51 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-03-28 02:01:08 UTC

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Note You need to log in before you can comment on or make changes to this bug.