Skip to content

Commit dd11b13

Browse files
committed
add: AVE-2018-0036
1 parent aae864b commit dd11b13

1 file changed

Lines changed: 18 additions & 25 deletions

File tree

vulns/2018/AVE-2018-0036.toml

Lines changed: 18 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -1,32 +1,25 @@
1-
[id]
2-
ave_id = "AVE-2018-0036"
3-
cve_id = "CVE-2018-25107"
4-
aliases = ["CVE-2018-25107"]
5-
61
[basic]
7-
title = "Perl Crypt::Random::Source 随机数生成器弱加密漏洞"
8-
description = "Perl 的 Crypt::Random::Source 包在 0.13 版本之前存在安全缺陷,当无法获取系统安全随机源时会回退使用 Perl 内置的 rand() 函数。该函数为弱伪随机数生成器(PRNG),产生的随机数可被预测,攻击者可能利用此漏洞获取会话密钥等敏感信息。攻击者无需认证即可通过网络远程利用,具备高机密性影响。"
9-
severity = "HIGH"
10-
score = 7.5
11-
remediation = "升级 Crypt::Random::Source 至 0.13 或更高版本。可通过 CPAN 安装修复版本:cpanm Crypt::Random::Source,或更新 Perl 环境中相关依赖包至包含安全修复的最新版本。"
12-
published = "2024-12-29"
13-
updated = "2026-06-16"
14-
sources = ["avd", "nvd"]
15-
16-
[affected]
17-
vendor = "Perl"
18-
product = "Crypt::Random::Source"
19-
20-
[references]
21-
nvd = "https://nvd.nist.gov/vuln/detail/CVE-2018-25107"
22-
avd = ""
23-
other = ["https://github.com/karenetheridge/Crypt-Random-Source/pull/3", "https://metacpan.org/release/ETHER/Crypt-Random-Source-0.13/changes"]
2+
description = ""
3+
published = ""
4+
remediation = "Refer to vendor advisory and upgrade to fixed version."
5+
score = 0.0
6+
severity = "UNKNOWN"
7+
sources = ["avd"]
8+
title = "CVE-2018-25107 漏洞"
9+
updated = ""
2410

2511
[exploit]
26-
poc_urls = []
2712
exp_urls = []
28-
nuclei_templates = []
13+
poc_urls = []
14+
15+
[id]
16+
aliases = ["CVE-2018-25107"]
17+
ave_id = "AVE-2018-0036"
18+
cve_id = "CVE-2018-25107"
2919

3020
[meta]
31-
collected_at = "2026-07-10T12:52:50.648258229+00:00"
21+
collected_at = "2026-07-10T21:36:34.668679989+00:00"
3222
status = "completed"
23+
24+
[references]
25+
urls = []

0 commit comments

Comments
 (0)