Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input.
The auto-detect form of argon2_verify passes encoded_len - 1 as the length argument to memchr without checking that encoded_len is non-zero. When the encoded string is empty, the size_t subtraction underflows to SIZE_MAX and memchr scans adjacent heap memory looking for a '$' separator byte.
A caller that invokes argon2_verify against a stored hash that may legitimately be empty (for example a placeholder row or a NULL column materialised as an empty string) reads out-of-bounds heap memory, which can crash the process or leak the position of an adjacent '$' byte into subsequent parsing.
AnalysisAI
Heap out-of-bounds read in Crypt::Argon2 for Perl (versions 0.017 through 0.030) exposes applications to process crash or heap memory leakage when argon2_verify is called with an empty encoded hash string. The defect is a size_t integer underflow: the auto-detect variant of argon2_verify subtracts 1 from encoded_len without a zero-check, wrapping to SIZE_MAX and causing memchr to scan up to SIZE_MAX bytes of adjacent heap memory. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The triggering condition is precise: argon2_verify must receive a zero-length (empty string) value as its encoded hash argument. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 5.3 Medium vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) describes a network-reachable, unauthenticated path to partial availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An application with a user authentication endpoint retrieves a stored Argon2 hash from a database; a placeholder, newly-created, or improperly initialized account row contains an empty string rather than a valid hash. The application passes this empty string directly to argon2_verify for comparison, triggering the size_t underflow. … |
| Remediation | Upgrade Crypt::Argon2 to version 0.031 or later via CPAN using 'cpan install Crypt::Argon2' or 'cpanm Crypt::Argon2'. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Perl Crypt::NaCl::Sodium module through 2.002 has potential integer overflows in cryptographic operations that could wea
Integer overflow in Crypt::NaCl::Sodium Perl module through version 2.001 on 32-bit systems. The Sodium.xs binding casts
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_
Heap buffer overflow in Crypt::SysRandom::XS before version 0.010 allows denial of service through negative length param
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuff
Weak salt generation in Crypt::PasswdMD5 (Perl) through version 1.42 enables password hash cracking via predictable rand
Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength
File overwrite and information disclosure in Crypt::DSA through version 1.19 for Perl expose systems where user-controll
Crypt::PBKDF2 for Perl prior to version 0.261630 ships with critically weak password-hashing defaults - HMAC-SHA1 as the
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, lead
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. Rated critical severity (
Same weakness CWE-126 – Buffer Over-read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29956
GHSA-3p6c-7qjr-35x9