affected

created on 25 Sep 2025

NIXPKGS-2025-0015

Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. Crypt::Random::rand 1.05 through 1.55 uses the rand() function. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider. In particular, Windows versions of perl will encounter this issue by default.

Vulnerabilities

CVE-2025-1828

Related packages

pkgs.perl538Packages.CryptRandom

Interface to /dev/random and /dev/urandom

nixos-unstable 1.54
- nixos-unstable-small 1.54
- nixpkgs-unstable 1.54

pkgs.perl540Packages.CryptRandom

Interface to /dev/random and /dev/urandom

nixos-unstable 1.54
- nixos-unstable-small 1.54
- nixpkgs-unstable 1.54

pkgs.perl538Packages.CryptRandomSeed

Provide strong randomness for seeding

nixos-unstable 0.03
- nixos-unstable-small 0.03
- nixpkgs-unstable 0.03

pkgs.perl540Packages.CryptRandomSeed

Provide strong randomness for seeding

nixos-unstable 0.03
- nixos-unstable-small 0.03
- nixpkgs-unstable 0.03

pkgs.perl538Packages.CryptRandomSource

Get weak or strong random data from pluggable sources

nixos-unstable 0.14
- nixos-unstable-small 0.14
- nixpkgs-unstable 0.14

pkgs.perl538Packages.CryptRandomTESHA2

Random numbers using timer/schedule entropy, aka userspace voodoo entropy

nixos-unstable TESHA2-0.01
- nixos-unstable-small TESHA2-0.01
- nixpkgs-unstable TESHA2-0.01

pkgs.perl540Packages.CryptRandomSource