CVE-2018-25107
PUBLISHED
The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand() function, which is not a secure source of random bits.
Risk Scores
EPSS Score
0.22%
45.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | libcrypt-random-source-perl | 0, 0.11-1, 0.11-2 |
| Ubuntu:18.04:LTS | libcrypt-random-source-perl | 0.11-3, 0.12-1, 0 |
Exploit Intelligence
- CIRCL seen: CVE-2018-25107 (circl-sighting)
- https://github.com/karenetheridge/Crypt-Random-Source/pull/3 (circl)
- https://metacpan.org/release/ETHER/Crypt-Random-Source-0.13/changes (circl)
Timeline
- Dec 29, 2024 CVE Published
- Dec 29, 2024 PoC Published
- Dec 30, 2024 EPSS Score
- Dec 31, 2024 CVE Updated
- Jan 15, 2025 EPSS Score
- Jan 31, 2025 EPSS Score
- Feb 16, 2025 EPSS Score
- Mar 5, 2025 EPSS Score
- Mar 21, 2025 EPSS Score
- Apr 6, 2025 EPSS Score
- Apr 22, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-25107 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-25107 third-party-advisory
- https://github.com/karenetheridge/Crypt-Random-Source/pull/3 third-party-advisory
- https://metacpan.org/release/ETHER/Crypt-Random-Source-0.13/changes third-party-advisory