MGASA-2025-0062 - Updated perl-Net-OAuth, perl-Crypt-URandom & perl-Module-Build packages fix security vulnerability

Publication date: 13 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0062.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-22376

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong. (CVE-2025-22376)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33923
- https://lists.fedoraproject.org/archives/list/
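
The weakness described above, shown beside a hardened form, as an added example that is not part of the advisory or of Net::OAuth's own code. The function names `weak_nonce` and `strong_nonce`, the seed value, and the choice of `Crypt::URandom::urandom` (from one of the packages this advisory updates) as the strong source are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::URandom qw(urandom);

# Weak pattern of the kind the advisory describes: a 32-bit integer taken
# from the built-in rand(). Illustrative only, not copied from Net::OAuth.
sub weak_nonce {
    return int(rand(2**32));
}

# Hardened form (assumed replacement): 16 bytes (128 bits) from the
# operating system's CSPRNG, hex-encoded so it is safe in an OAuth parameter.
sub strong_nonce {
    return unpack('H*', urandom(16));
}

# 1) rand() is a deterministic PRNG: re-seeding with the same value
#    replays exactly the same sequence of "nonces".
srand(12345);    # constructed seed
my @first = map { weak_nonce() } 1 .. 3;
srand(12345);
my @second = map { weak_nonce() } 1 .. 3;
print "rand() sequence repeats after re-seeding: ",
    ("@first" eq "@second" ? "yes" : "no"), "\n";

# 2) A 32-bit space is small even for an ideal generator. Birthday bound:
#    P(collision among n nonces) ~ 1 - exp(-n(n-1) / 2^33).
for my $n (10_000, 77_163, 200_000) {
    my $p = 1 - exp(-$n * ($n - 1) / 2**33);
    printf "n=%7d  P(32-bit nonce collision) ~ %.3f\n", $n, $p;
}

# 3) The 128-bit CSPRNG nonces do not repeat at this scale.
my %seen;
my $dupes = grep { $seen{ strong_nonce() }++ } 1 .. 100_000;
print "duplicates among 100000 strong nonces: $dupes\n";
```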