In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl,
the default nonce is a 32-bit integer generated from the built-in rand()
function, which is not cryptographically strong. (CVE-2025-22376)
- https://bugs.mageia.org/show_bug.cgi?id=33923
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLAEBHWU2NBVEDHXVVKYY4Y2XLNJX2VX/
- https://www.cve.org/CVERecord?id=CVE-2025-22376
- 9/core/perl-Net-OAuth-0.300.0-1.mga9
- 9/core/perl-Crypt-URandom-0.370.0-1.mga9
- 9/core/perl-Module-Build-0.423.400-1.mga9
Get the latest Linux and open source security news straight to your inbox.