CVE-2024-57854 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: March 5, 2026
Net::NSCA::Client - Weak Cryptography
Published: March 5, 2026 | Updated: March 5, 2026 | Remote Exploitable
Overview
Net::NSCA::Client <= 0.009002 for Perl contains weak random number generation caused by the use of Perl's built-in rand() function in Data::Rand::Obscure. This lets attackers predict cryptographic values. Exploitation requires no special conditions.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Attackers can predict cryptographic values, potentially compromising data confidentiality and integrity.
Mitigation
Update to the latest version with a secure random number generator.
Details
- CVE ID: CVE-2024-57854
- Severity: Critical
- CVSS Score: 9.1
- Type: weak_cryptography
- Status: unconfirmed
CWE
- CWE-338
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N