CVE-2011-3599
EPSS 2.3%
Description
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
How to fix CVE-2011-3599
To remediate CVE-2011-3599, upgrade the affected package to a fixed version below.
- Debian/libcrypt-dsa-perl: upgrade to 1.17-3 or later
Is CVE-2011-3599 being exploited?
Low — EPSS is 2.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/libcrypt-dsa-perl: from 0, < 1.17-3