{"url":"http://public2.vulnerablecode.io/api/packages/101479?format=json","purl":"pkg:deb/debian/libcrypt-dsa-perl@1.17-5?distro=trixie","type":"deb","namespace":"debian","name":"libcrypt-dsa-perl","version":"1.17-5","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.20-1","latest_non_vulnerable_version":"1.20-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75757?format=json","vulnerability_id":"VCID-aww3-ke1v-hufq","summary":"Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8704","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01645","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01652","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01658","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01657","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0165","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8704"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136809","reference_id":"1136809","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136809"},{"reference_url":"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes","reference_id":"changes","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:05:39Z/"}],"url":"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes"},{"reference_url":"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/Key.pm","reference_id":"Key.pm","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:05:39Z/"}],"url":"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/Key.pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101482?format=json","purl":"pkg:deb/debian/libcrypt-dsa-perl@1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-dsa-perl@1.20-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8704"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aww3-ke1v-hufq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75755?format=json","vulnerability_id":"VCID-feg7-978q-ufgh","summary":"Crypt::DSA versions before 1.20 for Perl generate seeds using rand.  Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8700","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03593","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03603","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03617","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03609","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03586","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8700"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8700","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8700"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136808","reference_id":"1136808","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136808"},{"reference_url":"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes","reference_id":"changes","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:03:59Z/"}],"url":"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes"},{"reference_url":"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/KeyChain.pm","reference_id":"KeyChain.pm","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:03:59Z/"}],"url":"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/KeyChain.pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101482?format=json","purl":"pkg:deb/debian/libcrypt-dsa-perl@1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-dsa-perl@1.20-1%3Fdistro=trixie"}],"aliases":["CVE-2026-8700"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-feg7-978q-ufgh"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75753?format=json","vulnerability_id":"VCID-j2tg-d3c5-c7fn","summary":"The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3599","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58298","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58346","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58354","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58345","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5833","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58349","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3599"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644189","reference_id":"644189","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644189"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101480?format=json","purl":"pkg:deb/debian/libcrypt-dsa-perl@1.17-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-dsa-perl@1.17-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101481?format=json","purl":"pkg:deb/debian/libcrypt-dsa-perl@1.17-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aww3-ke1v-hufq"},{"vulnerability":"VCID-feg7-978q-ufgh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-dsa-perl@1.17-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101479?format=json","purl":"pkg:deb/debian/libcrypt-dsa-perl@1.17-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aww3-ke1v-hufq"},{"vulnerability":"VCID-feg7-978q-ufgh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-dsa-perl@1.17-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101483?format=json","purl":"pkg:deb/debian/libcrypt-dsa-perl@1.19-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aww3-ke1v-hufq"},{"vulnerability":"VCID-feg7-978q-ufgh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-dsa-perl@1.19-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101482?format=json","purl":"pkg:deb/debian/libcrypt-dsa-perl@1.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-dsa-perl@1.20-1%3Fdistro=trixie"}],"aliases":["CVE-2011-3599"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2tg-d3c5-c7fn"}],"risk_score":"1.8","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-dsa-perl@1.17-5%3Fdistro=trixie"}