9.1

Smolder 1.51 and earlier for Perl uses weak random number generator

CVE-2024-58041
Summary

The Smolder Perl module uses a non-secure random number generator for certain functions, potentially compromising the security of cryptographic operations. This could allow an attacker to predict or manipulate random numbers, leading to vulnerabilities in applications that use Smolder. Update to Smolder version 1.52 or later to address this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
wonko | smolder | <= 1.51 | –
Original title
Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which...
Original description
Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions.

Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Specifically, Smolder::DB::Developer uses the Data::Random library, which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.
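The weakness class described above (CWE-338), shown as an added example that is not code from Smolder or Data::Random: a secret built on rand() is a deterministic function of the srand() seed, while one drawn from the kernel CSPRNG is not. The names weak_token and strong_token and the character set are hypothetical, and /dev/urandom assumes a Unix-like host (the CPAN module Crypt::URandom is a portable source of the same bytes).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Character set for generated secrets (constructed for this example).
my @ALPHABET = ('A' .. 'Z', 'a' .. 'z', '0' .. '9');
my $N        = scalar @ALPHABET;    # 62

# Weak: built on Perl's rand(), the primitive the page says Data::Random uses.
# Every character is fully determined by the srand() seed.
sub weak_token {
    my ($len) = @_;
    return join '', map { $ALPHABET[ int rand $N ] } 1 .. $len;
}

# Hardened: read bytes from the kernel CSPRNG and use rejection sampling,
# so each character is equally likely (no modulo bias).
sub strong_token {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $limit = 256 - (256 % $N);    # largest multiple of $N that fits in a byte
    my $out   = '';
    while (length($out) < $len) {
        my $got = read($fh, my $byte, 1);
        die "short read from /dev/urandom" unless $got;
        my $v = ord $byte;
        next if $v >= $limit;        # discard values that would skew the distribution
        $out .= $ALPHABET[ $v % $N ];
    }
    close $fh;
    return $out;
}

# Same seed, same "secret": the rand()-based token is reproducible.
srand(12345); my $w1 = weak_token(16);
srand(12345); my $w2 = weak_token(16);
print "weak   #1: $w1\nweak   #2: $w2\n";
print "weak tokens identical:   ", ($w1 eq $w2 ? "yes" : "no"), "\n";

# Reseeding rand() has no effect on CSPRNG output.
srand(12345); my $s1 = strong_token(16);
srand(12345); my $s2 = strong_token(16);
print "strong #1: $s1\nstrong #2: $s2\n";
print "strong tokens identical: ", ($s1 eq $s2 ? "yes" : "no"), "\n";
```

When auditing a Perl code base for this pattern, search for rand(), srand() and Data::Random calls on any path that produces passwords, session identifiers or reset tokens.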
NVD CVSS 3.1: 9.1
Vulnerability type
CWE-338
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026