CVE-2006-0898
libcrypt-cbc-perl - programming error
EPSS 1.4%
描述
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.
如何修補 CVE-2006-0898
要修補 CVE-2006-0898,請將受影響套件升級到下列已修補版本。
- Debian/libcrypt-cbc-perl—升級至 2.17-1 或更新版本
- Debian/libcrypt-cbc-perl—升級至 2.12-1sarge1 或更新版本
CVE-2006-0898 正在被利用嗎?
低 — EPSS 為 1.4%,目前沒有觀察到大規模利用活動。
受影響套件(2)
- from 0, < 2.17-1
- from 0, < 2.12-1sarge1