Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
Crypt::DSA versions before 1.20 for Perl generate seeds using rand.
Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
AnalysisAI
Cryptographic weakness in Crypt::DSA for Perl versions before 1.20 allows remote attackers to predict DSA key material because seeds are generated with Perl's built-in rand() function instead of a cryptographically secure random source. Any DSA keys, signatures, or nonces produced by affected versions may be recoverable through brute-force or statistical analysis of the predictable PRNG state. No public exploit identified at time of analysis, and EPSS probability is negligible (0.01%), but the cryptographic primitive failure means all keys generated by vulnerable versions should be considered untrusted.
Technical ContextAI
Crypt::DSA is a Perl module (distributed via CPAN under the TIMLEGGE namespace) that implements the Digital Signature Algorithm for key generation, signing, and verification. The flaw lives in lib/Crypt/DSA/KeyChain.pm where seed material for DSA parameter and key generation was drawn from Perl's core rand() function. Perl's rand() is a non-cryptographic PRNG (typically backed by drand48 or a similar linear congruential generator) whose internal state is small and easily recovered from a handful of outputs, which maps directly to CWE-331 (Insufficient Entropy). DSA in particular is acutely sensitive to predictable randomness - recovery of the per-signature nonce 'k' or the seed used during parameter generation can disclose the long-term private key.
RemediationAI
Vendor-released patch: Crypt::DSA 1.20 - upgrade immediately via 'cpanm Crypt::DSA@1.20' or the equivalent distribution package, with the upstream diff visible at https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/diff/TIMLEGGE/Crypt-DSA-1.19#lib/Crypt/DSA/KeyChain.pm and release notes at https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/changes. Critically, upgrading the module alone is insufficient: any DSA keys, parameters, or signatures generated with prior versions must be treated as compromised and re-generated after the upgrade, and trust relationships (SSH host keys, signed artifacts, certificates) anchored on those keys must be rotated. As a compensating control where immediate upgrade is impossible, stop using Crypt::DSA for new key or signature generation and switch to a binding around a vetted library such as Crypt::OpenSSL::DSA or migrate away from DSA entirely toward Ed25519/ECDSA via Crypt::OpenSSL::PKCS10 or Net::SSLeay - the trade-off is application code changes and potential interoperability work with any DSA-only peers. Review the oss-security disclosure at http://www.openwall.com/lists/oss-security/2026/05/15/26 for additional remediation discussion.
Same weakness CWE-331 – Insufficient Entropy
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30666
GHSA-r2q3-hjc8-7x6q