Impact
The Perl module Crypt::URandom contains a heap buffer overflow in the XS function crypt_urandom_getrandom() when the length argument is negative. Because the function does not validate that the length is non-negative, a negative value such as -1 triggers an integer wraparound: the allocation size is computed as length + 1u, which evaluates to zero bytes, while the subsequent getrandom() call receives the original negative value converted to an unsigned quantity, typically SIZE_MAX. The mismatch between a zero-byte allocation and a near-unbounded request lets the module write beyond the allocated buffer, corrupting heap memory and crashing the application, which manifests as a denial of service. On its own, the vulnerability does not provide a direct path to remote code execution or information disclosure. The CVE description implies that an attacker would need to supply a negative length argument, which in practice requires an input path to that parameter that is either unvalidated or attacker-controlled.
Affected Systems
All installations of the DDICK Crypt::URandom module from version 0.41 up to and including 0.54 are affected. The fix, which validates the length argument, is included in version 0.55 and later. The vulnerability applies to every platform that runs these versions, regardless of operating system, because it resides in native XS code shared across Perl interpreters; the CVE data excludes no specific operating system or architecture.
Risk and Exploitability
The CVSS base score of 7.5 indicates high severity, while the EPSS score below 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. Since the CVE data records no required user interaction, the most likely attack vector is malicious or improperly sanitized input reaching the length parameter. In typical usage the length is hardcoded, which limits the opportunity to exploit it, but applications that pass untrusted input to this parameter remain at risk of triggering the heap overflow and a denial of service.
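The following C program is an added illustration written for this advisory; it is not Crypt::URandom's XS source. It models the two size computations described under Impact for a signed length (the parameter type int, the byte source and the upper bound MAX_REQUEST_BYTES are assumptions made here) and places the length check that the fixed version performs, and that any caller passing untrusted input should also perform, beside them. No out-of-bounds write is performed: the program only shows how the allocation and request sizes diverge for a negative length and how a validated wrapper refuses such a request before any arithmetic happens.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustration for this advisory, not the module's code.
   Assumed application-level cap on a single request; not a value from the module. */
#define MAX_REQUEST_BYTES 4096u

/* Buffer size computed as the advisory describes: length + 1u with length signed.
   For -1, the int is converted to unsigned int (UINT_MAX) and +1 wraps to 0. */
size_t alloc_size_for(int length) {
    unsigned int bytes = length + 1u;
    return (size_t)bytes;
}

/* Byte count handed to the random source if the signed value is passed through
   as an unsigned size: -1 becomes SIZE_MAX. */
size_t request_size_for(int length) {
    return (size_t)length;
}

/* Returns 1 when the request exceeds the allocation, the condition that makes
   the heap overflow possible; 0 otherwise. */
int sizes_mismatch(int length) {
    return request_size_for(length) > alloc_size_for(length) ? 1 : 0;
}

/* Hardened check: reject negative and oversized lengths before any arithmetic. */
int length_is_valid(int length) {
    if (length < 0) return 0;
    if ((unsigned int)length > MAX_REQUEST_BYTES) return 0;
    return 1;
}

/* Stand-in byte source (deterministic xorshift32) so the example runs offline;
   a real implementation would read from the operating system's random source. */
static uint32_t xs_state = 0x9e3779b9u;
static unsigned char next_byte(void) {
    xs_state ^= xs_state << 13;
    xs_state ^= xs_state >> 17;
    xs_state ^= xs_state << 5;
    return (unsigned char)(xs_state & 0xffu);
}

/* Validated wrapper: NULL for a rejected length; otherwise exactly `length`
   bytes written into a buffer of length + 1, NUL-terminated, with *out_len set. */
unsigned char *random_bytes_checked(int length, size_t *out_len) {
    if (out_len) *out_len = 0;
    if (!length_is_valid(length)) return NULL;
    size_t n = (size_t)length;
    unsigned char *buf = malloc(n + 1);
    if (!buf) return NULL;
    for (size_t i = 0; i < n; i++) buf[i] = next_byte();
    buf[n] = '\0';
    if (out_len) *out_len = n;
    return buf;
}

/* Convenience for checking the wrapper: number of bytes produced, or -1 if the
   request was rejected. */
long checked_request(int length) {
    size_t n = 0;
    unsigned char *buf = random_bytes_checked(length, &n);
    if (!buf) return -1;
    free(buf);
    return (long)n;
}

int main(void) {
    int probes[] = { -1, 0, 16, 5000 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int len = probes[i];
        printf("length=%d alloc=%zu request=%zu mismatch=%d valid=%d checked=%ld\n",
               len, alloc_size_for(len), request_size_for(len),
               sizes_mismatch(len), length_is_valid(len), checked_request(len));
    }
    return 0;
}
```

Running the program lists, for each probe, the allocation the wrapped arithmetic would make, the request size the random source would receive, whether the two disagree, and what the validated wrapper does instead. The one-line length check is the mitigation; applications on versions 0.41 through 0.54 that cannot upgrade to 0.55 should apply the same check in the caller before the value reaches the module.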
OpenCVE Enrichment