
Crypt::DSA EUVD-2026-37016

CVE-2026-12205 CRITICAL
Reusing a Nonce, Key Pair in Encryption (CWE-323)
9.1 (CVSS 3.1, Vendor)

Severity by source

Vendor (CNA), primary: 9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

vuln.today AI: 7.4 HIGH
Network-observable signatures enable unauthenticated key recovery; AC:H because the attacker must collect multiple signatures and perform cryptanalytic computation; full C/I impact from private key exposure and signature forgery.
CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 4.0: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Red Hat: 7.1 HIGH (qualitative)

Primary rating from Vendor (CNA).

CVSS Vector (Vendor)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Patch available: Jun 16, 2026 - 02:15 (EUVD)
Analysis Generated: Jun 15, 2026 - 14:16 (vuln.today)

Description (pre-NVD)

Disclosed via oss-security. NVD scoring and full description are pending.

Analysis (AI)

Private-key recovery is possible in Crypt::DSA for Perl (all versions before 1.21) because the module caches the per-signature DSA nonce (k) inside the Key object and never clears it, causing every call to sign() after the first to reuse the identical nonce and produce signatures with matching r values. Any attacker who can observe two or more DSA signatures produced by the same Key object can apply well-known algebraic techniques to recover the private key entirely, after which they can forge arbitrary signatures. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify application using Crypt::DSA for signing
Delivery: Collect two or more DSA signatures from the same key
Exploit: Confirm nonce reuse by checking for identical r values
Execution: Apply algebraic nonce-recovery formula to derive private key
Persist: Forge arbitrary signatures with recovered key
Impact: Impersonate signing identity or undermine PKI trust

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that a Crypt::DSA Key object be used to call sign() at least twice within the same process lifetime without being reconstructed between calls; this is the condition that triggers nonce reuse and produces two signatures with identical r values. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment: No NVD-assigned CVSS vector is available, so risk signals are limited to the advisory text, the CWE classification, and independent metric assessment. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario: An attacker monitors the DSA-signed outputs of a Perl application that uses Crypt::DSA, for example signed API responses, signed software packages, or authentication tokens. After collecting any two signatures produced by the same key (identifiable by matching r values in the signature pairs), the attacker applies the standard two-signature nonce-recovery formula to algebraically derive the private key in milliseconds. …
Remediation: Vendor-released patch: Crypt-DSA 1.21, available on CPAN and documented in the changelog at https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/changes. … Detailed patch versions, workarounds, and compensating controls in full report.
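As an added illustration (not code from this page or from Crypt::DSA itself), the following Python reproduces on a toy DSA group the cached-nonce pattern described in the Analysis and Exploit Scenario sections, shows that the resulting signatures still verify normally, and implements the check a defender would run over collected signatures: flag any key that has produced two signatures with the same r. The group parameters, the key, the message and the key identifiers are constructed for the example and are not taken from the advisory.

```python
import hashlib
import secrets
from collections import defaultdict

# Toy DSA group, constructed for illustration only: p = 2q + 1 with q prime, and
# g = 4 has order q modulo p. Real DSA uses a 2048- or 3072-bit p.
P, Q, G = 2039, 1019, 4
def hash_mod_q(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

class CachedNonceKey:
    """Mirrors the flaw described above: k is stored on the key object after the
    first sign() and never cleared, so every later signature reuses it."""
    def __init__(self, x: int, nonce_source=lambda: secrets.randbelow(Q - 1) + 1):
        self.x, self.y = x, pow(G, x, P)      # private x, public y = g^x mod p
        self.nonce_source = nonce_source       # injectable so tests are deterministic
        self.k = None
    def sign(self, msg: bytes) -> tuple[int, int]:
        if self.k is None:                     # only the first call draws a nonce
            self.k = self.nonce_source()
        r = pow(G, self.k, P) % Q
        s = pow(self.k, -1, Q) * (hash_mod_q(msg) + self.x * r) % Q
        if r == 0 or s == 0:
            raise ValueError("degenerate signature; DSA would retry with a new k")
        return r, s

class FreshNonceKey(CachedNonceKey):
    """Corrected behaviour: discard any cached nonce before every signature."""
    def sign(self, msg: bytes) -> tuple[int, int]:
        self.k = None
        return super().sign(msg)

def verify(y: int, msg: bytes, sig: tuple[int, int]) -> bool:
    """Standard DSA verification. It accepts nonce-reusing signatures too, so
    verification alone never reveals the flaw."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return (pow(G, hash_mod_q(msg) * w % Q, P) * pow(y, r * w % Q, P) % P) % Q == r

def find_reused_nonces(records):
    """records: iterable of (key_id, (r, s)) gathered from logs or traffic. Returns
    {key_id: [r, ...]} for keys whose signatures share an r: the symptom to hunt for."""
    counts = defaultdict(lambda: defaultdict(int))
    for key_id, (r, _s) in records:
        counts[key_id][r] += 1
    return {key_id: sorted(r for r, n in rs.items() if n > 1)
            for key_id, rs in counts.items() if any(n > 1 for n in rs.values())}
```

Run find_reused_nonces over signatures grouped by the public key that produced them; any key it reports was signing with a reused k and must be treated as compromised and rotated, in addition to upgrading to Crypt-DSA 1.21.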

Recommended Action (AI)

Within 24 hours: Identify all systems using Crypt::DSA and determine which signing keys have been reused for multiple signature operations. …



EUVD-2026-37016 vulnerability details – vuln.today
