Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: perl5Packages.CryptScryptKDF

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-8647

created 5 days, 23 hours ago Activity log

Created suggestion 5 days, 23 hours ago

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random_bytes function fell back to using the built-in rand() function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or Bytes::Random::Secure were available.

References

Affected products

Crypt-ScryptKDF

=<0.010

Matching in nixpkgs

pkgs.perlPackages.CryptScryptKDF

Scrypt password based key derivation function

nixos-unstable 0.010
- nixpkgs-unstable 0.010
- nixos-unstable-small 0.010
nixos-25.11 0.010
- nixos-25.11-small 0.010
- nixpkgs-25.11-darwin 0.010

pkgs.perl5Packages.CryptScryptKDF

Scrypt password based key derivation function

nixos-unstable 0.010
- nixpkgs-unstable 0.010
- nixos-unstable-small 0.010

pkgs.perl538Packages.CryptScryptKDF

Scrypt password based key derivation function

nixos-25.11 0.010
- nixos-25.11-small 0.010
- nixpkgs-25.11-darwin 0.010

pkgs.perl540Packages.CryptScryptKDF

Scrypt password based key derivation function

nixos-25.11 0.010
- nixos-25.11-small 0.010
- nixpkgs-25.11-darwin 0.010

Package maintainers

@stigtsp Stig Palmquist <stig@stig.io>

1