Primary

Context

Crypt::DSA Seed Generation Vulnerability in Perl

Vulnerability

A vulnerability exists in Crypt::DSA versions prior to 1.20 for Perl, where the random seed generation relies on Perl's built-in rand function. This method is predictable and not suitable for cryptographic purposes. The issue has been addressed in version 1.20, which replaces the use of rand with a more secure alternative.

Impact

The vulnerability could lead to predictable DSA key generation, undermining the security of cryptographic operations that rely on DSA signatures.

Remediation

Users can upgrade to Crypt::DSA version 1.20 or later to address this vulnerability.

Added: May 15, 2026, 10:19 PM

Updated: May 15, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.1

remediation

0.0

relevance

8.4

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.1

remediation

0.0

relevance

8.4

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Crypt::DSA Seed Generation Vulnerability in Perl

Vulnerability

Impact

Remediation

Affected Products

Crypt::DSA

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating