Fluid Attacks Database

Description

The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libcrypt-dsa-perl	>=0 <1.17-3	1.17-3
debian 11	libcrypt-dsa-perl	>=0 <1.17-3	1.17-3
debian 13	libcrypt-dsa-perl	>=0 <1.17-3	1.17-3
debian 14	libcrypt-dsa-perl	>=0 <1.17-3	1.17-3

Aliases

1. CVE-2011-35992. NVD-2011-35993. OSV-DEBIAN-2011-35994. OSV-2011-35995. SECURITY-TRACKER-CVE-2011-3599

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.