Security Advisories (1)
CVE-2026-2597 (2026-02-27)

Crypt::SysRandom::XS versions before 0.010 for Perl are vulnerable to a heap buffer overflow in the XS function random_bytes(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to the chosen random function (e.g. getrandom) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and an application crash (denial of service). In common usage the length argument is typically hardcoded by the caller, which reduces the likelihood of attacker-controlled exploitation. Applications that pass untrusted input to this parameter may be affected.
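The following C program is an added illustration of the size arithmetic the advisory describes and of the validation that closes the gap; it is not the module's XS source, and the function names, the signed `int`/`long` parameter types and the `max_len` cap are assumptions made for the example. It shows why a length of -1 produces a 0-byte allocation while the random source is asked for SIZE_MAX bytes, and how a non-negativity check before any size computation prevents the mismatch.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the arithmetic the advisory describes (constructed for this
 * example; not the module's own XS code). `length` arrives from Perl as a
 * signed integer and the buffer size is computed as `length + 1u`.
 */
size_t unchecked_alloc_size(int length)
{
    /* int + unsigned int is evaluated as unsigned: -1 + 1u == 0u */
    return length + 1u;
}

/*
 * Size the underlying random call would be asked to fill when the original
 * signed value is passed where a size_t is expected: -1 becomes SIZE_MAX.
 */
size_t unchecked_request_size(int length)
{
    return (size_t)length;
}

/*
 * Hardened version: validate before computing any size. Rejects negative
 * lengths, lengths above a caller-chosen cap (`max_len` is a hypothetical
 * policy value, not something the module exposes), and the +1 overflow
 * itself. On success *out receives the allocation size and true is returned.
 */
bool checked_alloc_size(long length, size_t max_len, size_t *out)
{
    if (length < 0)
        return false;                       /* the check the advisory says is missing */
    if ((unsigned long)length > max_len)
        return false;                       /* refuse oversized requests early */
    if ((size_t)length > SIZE_MAX - 1)
        return false;                       /* guard the +1 against wraparound */
    *out = (size_t)length + 1;
    return true;
}

int main(void)
{
    int bad = -1;
    size_t n = 0;

    printf("length=%d allocates %zu bytes but requests %zu bytes\n",
           bad, unchecked_alloc_size(bad), unchecked_request_size(bad));

    if (!checked_alloc_size(bad, 1u << 20, &n))
        printf("length=%d rejected by checked_alloc_size\n", bad);
    if (checked_alloc_size(16, 1u << 20, &n))
        printf("length=16 allocates %zu bytes\n", n);
    return 0;
}
```

For callers that cannot upgrade immediately, the same rule applies on the Perl side: reject anything that is not a non-negative integer before it reaches random_bytes(), since the affected versions perform no such check themselves.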

NAME

Crypt::SysRandom::XS - Perl interface to system randomness, XS version

VERSION

version 0.006

SYNOPSIS

use Crypt::SysRandom::XS 'random_bytes';
my $random = random_bytes(16);

DESCRIPTION

This module uses whatever C interface is available to procure cryptographically random data from the system.

FUNCTIONS

random_bytes($count)

This will fetch a string of $count random bytes containing cryptographically secure random data.

AUTHOR

Leon Timmermans <fawaka@gmail.com>

COPYRIGHT AND LICENSE

This software is copyright (c) 2025 by Leon Timmermans.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.