Skip to main content

Crypt CVE-2026-30910

HIGH
Integer Overflow or Wraparound (CWE-190)
2026-03-08 9b29abf9-4ab0-4765-b253-1875cd9b441e
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Mar 08, 2026 - 02:16 nvd
HIGH 7.5

DescriptionCVE.org

Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.

Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow.

Encountering this issue is unlikely as the message length would need to be very large.

For bin2hex the input size would have to be > SIZE_MAX / 2 For aegis encryption the input size would need to be > SIZE_MAX - 32U For other encryption the input size would need to be > SIZE_MAX - 16U For signatures the input size would need to be > SIZE_MAX - 64U

AnalysisAI

Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. [CVSS 7.5 HIGH]

Technical ContextAI

Classified as CWE-190 (Integer Overflow or Wraparound). Affects Crypt\. Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.

Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow.

Encountering this issue is

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

More in Crypt

View all
CVE-2026-30909 CRITICAL
9.8 Mar 08

Perl Crypt::NaCl::Sodium module through 2.002 has potential integer overflows in cryptographic operations that could wea

CVE-2026-2588 CRITICAL
9.1 Feb 23

Integer overflow in Crypt::NaCl::Sodium Perl module through version 2.001 on 32-bit systems. The Sodium.xs binding casts

CVE-2026-58102 CRITICAL
9.1 Jul 13

Heap out-of-bounds read in the Crypt::OpenSSL::X509 Perl module (versions before 2.1.3) lets a crafted X.509 certificate

CVE-2026-9265 CRITICAL
9.1 Jun 20

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_

CVE-2026-14570 HIGH
7.5 Jul 05

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, lead

CVE-2026-2597 HIGH
7.5 Feb 27

Heap buffer overflow in Crypt::SysRandom::XS before version 0.010 allows denial of service through negative length param

CVE-2026-5086 HIGH
7.5 Apr 13

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuff

CVE-2026-6659 HIGH
7.5 May 08

Weak salt generation in Crypt::PasswdMD5 (Perl) through version 1.42 enables password hash cracking via predictable rand

CVE-2026-58101 HIGH
7.5 Jul 13

Denial of service in the Crypt::OpenSSL::X509 Perl module before 2.1.3 lets a malformed X.509 certificate crash any Perl

CVE-2026-9638 HIGH
7.5 Jun 12

Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength

CVE-2026-8704 MEDIUM
6.5 May 15

File overwrite and information disclosure in Crypt::DSA through version 1.19 for Perl expose systems where user-controll

CVE-2017-20240 MEDIUM
5.9 Jun 12

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. Rated medium severity (CVSS 5.9), this

Share

CVE-2026-30910 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy