CVE-2024-58041 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: February 24, 2026
Smolder - Weak Cryptography
Published: February 24, 2026Updated: February 24, 2026Remote Exploitable
Overview
Smolder <= 1.51 for Perl contains weak cryptography caused by use of insecure rand() function in Data::Random library for cryptographic functions, letting attackers potentially predict cryptographic values, exploit requires no special privileges.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Attackers can predict cryptographic values, potentially compromising security mechanisms relying on randomness.
Mitigation
Update to the latest version that replaces rand() with a cryptographically secure random number generator.
References
- https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L5
- https://perldoc.perl.org/functions/rand
- https://security.metacpan.org/docs/guides/random-data-for-security.html
- https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537
- https://metacpan.org/release/WONKO/Smolder-1.51/source/lib/Smolder/DB/Developer.pm#L221
Related Resources
Details
- CVE ID
- CVE-2024-58041
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- weak_cryptography
- Status
- unconfirmed
CWE
- CWE-338
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N