Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
Perl's NSCA Client Uses Weak Random Number Generator
CVE-2024-57854
Summary
Older Perl NSCA Client versions use a weak random number generator, which can compromise encryption. This makes it easier for attackers to intercept sensitive information. Update to version 0.003 or later to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| dougdude | net\ | \ | – |
Original title
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.
Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random ini...
Original description
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.
Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.
Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.
Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.
Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.
nvd CVSS3.1
9.1
Vulnerability type
CWE-338
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026