Fluid Attacks Database

Description

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libcrypt-cbc-perl	>=0 <2.17-1	2.17-1
debian 12	libcrypt-cbc-perl	>=0 <2.17-1	2.17-1
debian 11	libcrypt-cbc-perl	>=0 <2.17-1	2.17-1
debian 13	libcrypt-cbc-perl	>=0 <2.17-1	2.17-1

Aliases

1. CVE-2006-08982. NVD-2006-08983. OSV-DEBIAN-2006-08984. OSV-2006-08985. SECURITY-TRACKER-CVE-2006-0898

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.