CVE-2026-2474

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

CVE-2026-2474

In CVE-2026-2474, Crypt::URandom for Perl versions 0.41 through 0.54 is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The flaw: the code does not validate that the length parameter is non-negative. If a negative length is supplied, length + 1u wraps to a small...

CVE-2026-2474 Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

Crypt::URandom 安全漏洞

Crypt::URandom is an encrypted Perl library developed by DDICK’s individual developers. Versions of Crypt::URandom prior to 0.55 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the XS function crypturandomgetrandom. This function did not validate t...