Security Advisories (1)
CVE-2025-2814 (2025-04-13)

Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function, which is not cryptographically secure, as the default source of entropy for cryptographic functions. This issue affects operating systems where "/dev/urandom" is unavailable. In that case, Crypt::CBC will fall back to using the insecure rand() function.

Changes for version 3.07 - 2025-07-27

  • Changes Since 3.04
    • New maintainer
    • Fix CVE-2025-2814 by using Crypt::URandom
    • 3.05 Fixed bug involving manually-specified key not being used in some circumstances
    • Fix decryption of ciphertext created with 'header' => 'randomiv'
    • Fixed bug in which manually-specified key and -pkdf=>"none" was not having effect
    • Converted build process to Dist::Zilla
    • Miscellaneous minor Dist::Zilla related changes
  • Detailed Change Log
    • 74e3a10 Increment repo version
    • feb4b31 Rename vulnerabilities file add CVE-2025-2814
    • 236c363 Update .gitignore
    • 4a39da8 Fix spelling error
    • 99d336a Automate version with Dist::Zilla
    • 89ac06d Convert build process to Dist::Zilla
    • 784d599 Fix CVE-2025-2814 by using Crypt::URandom to read random bytes
    • 81a8f77 Add test for github issue #7
    • 40d0e13 Increment version
    • 160af60 Fix decryption of ciphertext created with 'header' => 'randomiv'
    • 524db90 Fixed bug in which manually-specified key and -pkdf=>"none" was not having effect

Modules

Encrypt Data with Cipher Block Chaining Mode

Provides

in lib/Crypt/CBC/PBKDF.pm
in lib/Crypt/CBC/PBKDF/none.pm
in lib/Crypt/CBC/PBKDF/opensslv1.pm
in lib/Crypt/CBC/PBKDF/opensslv2.pm
in lib/Crypt/CBC/PBKDF/pbkdf2.pm
in lib/Crypt/CBC/PBKDF/randomiv.pm