24 matches found

OSV
added 2026/04/14 1:3 a.m., 1 view

GHSA-CQ8V-F236-94QC Rand is unsound with a custom logger using rand::rng()

It has been reported by @lopopolo that the rand library is unsound, i.e. that safe code using the public API can cause Undefined Behaviour, when all the following conditions are met:
- The `log` and `thread_rng` features are enabled
- A custom logger is defined
- The custom logger accesses rand::rng...

5.7 AI score
Exploits 0, References 3
RustSec
added 2026/04/09 12:0 p.m., 18 views

Rand is unsound with a custom logger using `rand::rng()`

It has been reported by @lopopolo that the rand library is unsound, i.e. that safe code using the public API can cause Undefined Behaviour, when all the following conditions are met:
- The `log` and `thread_rng` features are enabled
- A custom logger is defined
- The custom logger accesses rand::rng...

5.7 AI score
Exploits 0, Affected Software 1
Tenable Nessus
added 2026/04/04 12:0 a.m., 6 views

SUSE SLES12 Security Update : perl-Crypt-URandom (SUSE-SU-2026:1170-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1170-1 advisory. This update for perl-Crypt-URandom fixes the following issue: Update to 0.550.0 (0.55): - CVE-2026-2474: heap buffer overflow in the XS function...

7.5 CVSS, 6.3 AI score, 0.00295 EPSS
Exploits 0, References 4
OSV
added 2026/02/27 12:16 a.m., 6 views

CVE-2026-2597

Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function randombytes. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer wraparound,...

7.5 CVSS, 6 AI score
Exploits 0, References 2
OSV
added 2026/02/27 12:16 a.m., 5 views

UBUNTU-CVE-2026-2597

Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function randombytes. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer wraparound,...

7.5 CVSS, 6 AI score, 0.00295 EPSS
Exploits 0, References 2
NVD
added 2026/02/18 9:16 p.m., 8 views

CVE-2025-0577

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...

4.8 CVSS, 0.00244 EPSS
Exploits 0, References 2
Cvelist
added 2026/02/18 8:25 p.m., 22 views

CVE-2025-0577 Glibc: vdso getrandom acceleration may return predictable randomness

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...

4.8 CVSS, 0.00244 EPSS
Exploits 0, References 2
Debian CVE
added 2026/02/18 8:25 p.m., 11 views

CVE-2025-0577

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...

4.8 CVSS, 5.2 AI score, 0.00244 EPSS
Exploits 0
CVE
added 2026/02/18 8:25 p.m., 45 views

CVE-2025-0577

CVE-2025-0577 : In glibc, the getrandom/arc4random family may return predictable randomness when a fork occurs concurrently with a subsequent call to these functions. The CVSSv3.1 base score is 4.8 (MEDIUM) with low confidentiality and integrity impacts and no availability impact. Connected advis...

4.8 CVSS, 5.2 AI score, 0.00244 EPSS
Exploits 0, References 2
CVE
added 2026/02/16 8:54 p.m., 51 views

CVE-2026-2474

CVE-2026-2474 affects Perl Crypt-URandom up to 0.54; a negative length passed to crypt_urandom_getrandom() causes wraparound, leading to a zero-byte allocation and potential heap memory corruption with denial-of-service. Fix: update to 0.550.0 (0.55) as released in SUSE/OpenSUSE and Fedora adviso...

7.5 CVSS, 5.8 AI score, 0.00295 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2026/02/16 8:54 p.m., 4 views

CVE-2026-2474 Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

5.8 AI score, 0.00295 EPSS
Exploits 0, References 2
AlpineLinux
added 2026/02/16 8:54 p.m., 6 views

CVE-2026-2474

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

7.5 CVSS, 5.9 AI score, 0.00295 EPSS
Exploits 0
CNNVD
added 2026/02/16 12:0 a.m., 6 views

Crypt::URandom security vulnerability

Crypt::URandom is an encrypted Perl library developed by DDICK’s individual developers. Versions of Crypt::URandom prior to 0.55 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the XS function crypt_urandom_getrandom(). This function did not validate t...

7.5 CVSS, 6 AI score, 0.00295 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/01/01 12:0 a.m., 6 views

PT-2026-8385

Name of the Vulnerable Software and Affected Versions: Crypt::URandom versions 0.41 through 0.55. Description: The Perl module Crypt::URandom is susceptible to a heap buffer overflow within the crypt_urandom_getrandom function. The issue arises because the function does not properly validate the...

7.5 CVSS, 6 AI score, 0.00295 EPSS
Exploits 0, References 23
Tenable Nessus
added 2024/12/19 12:0 a.m., 6 views

Fedora 41 : glibc (2024-846e191001)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-846e191001 advisory. This update addresses a security vulnerability in the getrandom and arc4random implementation (CVE-2024-12455) on POWER systems (ppc64le). Other architectures a...

6.6 AI score
Exploits 0, References 2
BDU FSTEC
added 2024/12/19 12:0 a.m., 4 views

The vulnerability of the getrandom() function in the system library glibc, which allows a hacker to trigger a denial-of-service attack

The vulnerability of the getrandom function in the glibc system library is related to incomplete recognition of internal state. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

6.5 CVSS, 6.6 AI score
Exploits 0, References 6, Affected Software 3
RedhatCVE
added 2024/12/12 5:55 p.m., 6 views

CVE-2024-12455

A flaw was found in Fedora 41's glibc implementation of getrandom for ppc64le. This issue occurs due to an implementation error for a vDSO indirect function call and the way the return of success and possible error codes are signaled on this platform. As a result, getrandom fails to produce...

6.3 CVSS, 6.8 AI score
Exploits 0, References 3
Debian CVE
added 2024/12/12 5:55 p.m., 8 views

CVE-2024-12455

powerpc: getrandom returns EINVAL as retcode instead of errno...

7.2 AI score
Exploits 0
CNNVD
added 2024/12/12 12:0 a.m., 6 views

glibc security vulnerability

glibc GNU C Library is a C standard library implemented by a GNU project of the GNU community. A security vulnerability exists in glibc version 2.40-12.fc41, which stems from a bug in the implementation of the getrandom function on the ppc64le architecture, resulting in an inability to generate a...

6.6 AI score
Exploits 0, References 2
Tenable Nessus
added 2020/12/14 12:0 a.m., 64 views

openSUSE Security Update : nsd (openSUSE-2020-2222)

This update for nsd fixes the following issues : nsd was updated to the new upstream release 4.3.4 FEATURES : - Merge PR 141: ZONEMD RR type. BUG FIXES : - Fix that symlink does not interfere with chown of pidfile boo1179191, CVE-2020-28935 - Fix 128: Fix that the invalid port number is logged fo...

9.8 CVSS, 7.4 AI score, 0.02026 EPSS
Exploits 1, References 5