QwikSec

Security Database

CVE

CWE

Training

CVE-2024-57854

Published: Mar 5, 2026

Modified: Mar 5, 2026

PUBLISHED

Description

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.

Vendor	Product	Versions
DOUGDUDE	Net::NSCA::Client	affected `0 - <= 0.009002`

Weaknesses (CWE)

References

https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119

https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.