Crypt::Random::Provider::rand

Security Advisories (2)

CPANSA-Crypt-Random-2024-001

The makerandom program that comes with Crypt::Random adds module search paths in its shebang line, potentially leading to issues with unexpected modules being loaded

https://metacpan.org/dist/Crypt-Random/changes
https://rt.cpan.org/Ticket/Display.html?id=128062
https://github.com/atoomic/Crypt-Random/pull/1

CVE-2025-1828 (2025-03-11)

Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider. In particular, Windows versions of perl will encounter this issue by default.

https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05
https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1
https://perldoc.perl.org/functions/rand

No POD found for rand.pm. Time to read the source?

To install Crypt::Random, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::Random

CPAN shell

perl -MCPAN -e shell
install Crypt::Random

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Module Install Instructions