Skip to main content

Crypt::DSA CVE-2026-8700

| EUVDEUVD-2026-30666 HIGH
Insufficient Entropy (CWE-331)
2026-05-15 9b29abf9-4ab0-4765-b253-1875cd9b441e GHSA-r2q3-hjc8-7x6q
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
May 18, 2026 - 16:22 vuln.today
CVSS changed
May 18, 2026 - 16:22 NVD
7.3 (HIGH)
Patch available
May 15, 2026 - 23:02 EUVD
CVE Published
May 15, 2026 - 22:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Crypt::DSA versions before 1.20 for Perl generate seeds using rand.

Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

AnalysisAI

Cryptographic weakness in Crypt::DSA for Perl versions before 1.20 allows remote attackers to predict DSA key material because seeds are generated with Perl's built-in rand() function instead of a cryptographically secure random source. Any DSA keys, signatures, or nonces produced by affected versions may be recoverable through brute-force or statistical analysis of the predictable PRNG state. No public exploit identified at time of analysis, and EPSS probability is negligible (0.01%), but the cryptographic primitive failure means all keys generated by vulnerable versions should be considered untrusted.

Technical ContextAI

Crypt::DSA is a Perl module (distributed via CPAN under the TIMLEGGE namespace) that implements the Digital Signature Algorithm for key generation, signing, and verification. The flaw lives in lib/Crypt/DSA/KeyChain.pm where seed material for DSA parameter and key generation was drawn from Perl's core rand() function. Perl's rand() is a non-cryptographic PRNG (typically backed by drand48 or a similar linear congruential generator) whose internal state is small and easily recovered from a handful of outputs, which maps directly to CWE-331 (Insufficient Entropy). DSA in particular is acutely sensitive to predictable randomness - recovery of the per-signature nonce 'k' or the seed used during parameter generation can disclose the long-term private key.

RemediationAI

Vendor-released patch: Crypt::DSA 1.20 - upgrade immediately via 'cpanm Crypt::DSA@1.20' or the equivalent distribution package, with the upstream diff visible at https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/KeyChain.pm and release notes at https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes. Critically, upgrading the module alone is insufficient: any DSA keys, parameters, or signatures generated with prior versions must be treated as compromised and re-generated after the upgrade, and trust relationships (SSH host keys, signed artifacts, certificates) anchored on those keys must be rotated. As a compensating control where immediate upgrade is impossible, stop using Crypt::DSA for new key or signature generation and switch to a binding around a vetted library such as Crypt::OpenSSL::DSA or migrate away from DSA entirely toward Ed25519/ECDSA via Crypt::OpenSSL::PKCS10 or Net::SSLeay - the trade-off is application code changes and potential interoperability work with any DSA-only peers. Review the oss-security disclosure at http://www.openwall.com/lists/oss-security/2026/05/15/26 for additional remediation discussion.

Share

CVE-2026-8700 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy