
23 matches found

OSV
added 2026/04/14 1:3 a.m. | 0 views

GHSA-CQ8V-F236-94QC Rand is unsound with a custom logger using rand::rng()

It has been reported by @lopopolo that the rand library is unsound, i.e. that safe code using the public API can cause Undefined Behaviour, when all the following conditions are met: - The log and thread_rng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

5.7 AI score
Exploits 0 | References 3
RustSec
added 2026/04/09 12:0 p.m. | 8 views

Rand is unsound with a custom logger using `rand::rng()`

It has been reported by @lopopolo that the rand library is unsound, i.e. that safe code using the public API can cause Undefined Behaviour, when all the following conditions are met: - The log and thread_rng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

5.7 AI score
Exploits 0 | Affected Software 1
Tenable Nessus
added 2026/04/04 12:0 a.m. | 1 views

SUSE SLES12 Security Update : perl-Crypt-URandom (SUSE-SU-2026:1170-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1170-1 advisory. This update for perl-Crypt-URandom fixes the following issue: Update to 0.550.0 0.55: - CVE-2026-2474: heap buffer overflow in the XS function...

7.5 CVSS | 6.3 AI score | 0.00062 EPSS
Exploits 0 | References 4
OSV
added 2026/02/27 12:16 a.m. | 2 views

CVE-2026-2597

Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function randombytes. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer wraparound,...

7.5 CVSS | 6 AI score
Exploits 0 | References 2
OSV
added 2026/02/27 12:16 a.m. | 3 views

UBUNTU-CVE-2026-2597

Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function randombytes. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer wraparound,...

7.5 CVSS | 6 AI score | 0.00062 EPSS
Exploits 0 | References 2
NVD
added 2026/02/18 9:16 p.m. | 2 views

CVE-2025-0577

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...

4.8 CVSS | 0.00012 EPSS
Exploits 0 | References 2
CVE
added 2026/02/18 8:25 p.m. | 28 views

CVE-2025-0577

CVE-2025-0577 is a glibc vulnerability affecting randomness sources (getrandom/arc4random) when a multi-threaded process forks and creates additional threads; Fedora advisories attribute fixed updates to glibc (e.g., Fedora 40/41) with CVE-2025-0395 as well, documenting that patched versions incl...

4.8 CVSS | 5.2 AI score | 0.00012 EPSS
Exploits 0 | References 2
Cvelist
added 2026/02/18 8:25 p.m. | 19 views

CVE-2025-0577 Glibc: vdso getrandom acceleration may return predictable randomness

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...

4.8 CVSS | 0.00012 EPSS
Exploits 0 | References 2
Debian CVE
added 2026/02/18 8:25 p.m. | 11 views

CVE-2025-0577

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions...

4.8 CVSS | 5.2 AI score | 0.00012 EPSS
Exploits 0
CVE
added 2026/02/16 8:54 p.m. | 38 views

CVE-2026-2474

In CVE-2026-2474, Crypt::URandom for Perl versions 0.41 through 0.54 is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The flaw: the code does not validate that the length parameter is non-negative. If a negative length is supplied, length + 1u wraps to a small...

7.5 CVSS | 5.8 AI score | 0.00062 EPSS
Exploits 0 | References 2 | Affected Software 1
AlpineLinux
added 2026/02/16 8:54 p.m. | 3 views

CVE-2026-2474

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

7.5 CVSS | 5.9 AI score | 0.00062 EPSS
Exploits 0
Vulnrichment
added 2026/02/16 8:54 p.m. | 1 views

CVE-2026-2474 Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

5.8 AI score | 0.00062 EPSS
Exploits 0 | References 2
CNNVD
added 2026/02/16 12:0 a.m. | 3 views

Crypt::URandom security vulnerability

Crypt::URandom is an encrypted Perl library developed by DDICK’s individual developers. Versions of Crypt::URandom prior to 0.55 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the XS function crypt_urandom_getrandom. This function did not validate t...

7.5 CVSS | 6 AI score | 0.00062 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-8385

Name of the Vulnerable Software and Affected Versions: Crypt::URandom versions 0.41 through 0.55. Description: The Perl module Crypt::URandom is susceptible to a heap buffer overflow within the crypt_urandom_getrandom function. The issue arises because the function does not properly validate the...

7.5 CVSS | 6 AI score | 0.00062 EPSS
Exploits 0 | References 23
Tenable Nessus
added 2024/12/19 12:0 a.m. | 6 views

Fedora 41 : glibc (2024-846e191001)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-846e191001 advisory. This update addresses a security vulnerability in the getrandom and arc4random implementation (CVE-2024-12455) on POWER systems (ppc64le). Other architectures a...

6.6 AI score
Exploits 0 | References 2
Debian CVE
added 2024/12/12 5:55 p.m. | 7 views

CVE-2024-12455

powerpc: getrandom returns EINVAL as retcode instead of errno...

7.2 AI score
Exploits 0
RedhatCVE
added 2024/12/12 5:55 p.m. | 5 views

CVE-2024-12455

A flaw was found in Fedora 41's glibc implementation of getrandom for ppc64le. This issue occurs due to an implementation error for a vDSO indirect function call and the way the return of success and possible error codes are signaled on this platform. As a result, getrandom fails to produce...

6.3 CVSS | 6.8 AI score
Exploits 0 | References 3
CNNVD
added 2024/12/12 12:0 a.m. | 1 views

glibc security vulnerability

glibc GNU C Library is a C standard library implemented by a GNU project of the GNU community. A security vulnerability exists in glibc version 2.40-12.fc41, which stems from a bug in the implementation of the getrandom function on the ppc64le architecture, resulting in an inability to generate a...

6.6 AI score
Exploits 0 | References 2
Tenable Nessus
added 2020/12/14 12:0 a.m. | 62 views

openSUSE Security Update : nsd (openSUSE-2020-2222)

This update for nsd fixes the following issues : nsd was updated to the new upstream release 4.3.4 FEATURES : - Merge PR 141: ZONEMD RR type. BUG FIXES : - Fix that symlink does not interfere with chown of pidfile boo1179191, CVE-2020-28935 - Fix 128: Fix that the invalid port number is logged fo...

9.8 CVSS | 7.4 AI score | 0.00502 EPSS
Exploits 1 | References 5
OPENSUSE Linux
added 2020/12/10 12:0 a.m. | 36 views

Security update for nsd (moderate)

openSUSE Security Update: Security update for nsd Announcement ID: openSUSE-SU-2020:2222-1 Rating: moderate References: 1157331 1179191 Cross-References: CVE-2019-13207 CVE-2020-28935 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP2 openSUSE Backports...

9.8 CVSS | 6.9 AI score | 0.00502 EPSS
Exploits 1 | References 2