5 matches found
CVE-2026-2474 Crypt::URandom versions from 0.41 before 0.55 for Perl are vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()
Crypt::URandom versions from 0.41 before 0.55 for Perl are vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer...
CVE-2026-2474
CVE-2026-2474 affects Perl Crypt-URandom up to 0.54; a negative length passed to crypt_urandom_getrandom() causes wraparound, leading to a zero-byte allocation and potential heap memory corruption with denial-of-service. Fix: update to 0.550.0 (0.55) as released in SUSE/OpenSUSE and Fedora adviso...
CVE-2026-2474
Crypt::URandom versions from 0.41 before 0.55 for Perl are vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer...
Crypt::URandom security vulnerability
Crypt::URandom is a Perl cryptographic library developed by individual developer DDICK. Versions of Crypt::URandom prior to 0.55 contain a security vulnerability that stems from a heap buffer overflow in the XS function crypt_urandom_getrandom(). This function did not validate t...
Vulnerability in the getrandom() function of the glibc system library that allows an attacker to trigger a denial of service
The vulnerability in the getrandom() function of the glibc system library is related to incomplete recognition of internal state. Exploiting this vulnerability can allow a remote attacker to cause a service failure...