Crypt
Monthly
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values." An attacker who collects a modest number of signatures under an affected key, together with the public key, can recover the private key with a lattice attack. Keys used to sign with an affected version should be considered compromised and new keys should be generated.
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.
Crypt::PBKDF2 for Perl prior to version 0.261630 ships with critically weak password-hashing defaults - HMAC-SHA1 as the pseudorandom function and only 1,000 iterations - leaving derived keys and stored passwords highly vulnerable to offline brute-force attacks. Applications that do not explicitly override these defaults expose any compromised credential store to cracking at rates orders of magnitude faster than OWASP-recommended configurations (220,000-1,400,000 iterations depending on algorithm). No public exploit is identified at time of analysis and the CVE is not listed in CISA KEV, but the structural nature of CWE-916 means all previously generated hashes using the weak defaults remain exploitable even after upgrading the library unless proactively rehashed.
Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength of derived password hashes. The module uses Perl's built-in rand() function - a non-cryptographic PRNG - to generate salt values, making salts guessable and enabling precomputation attacks against stored password hashes. No public exploit identified at time of analysis, but a vendor patch is available and the issue was responsibly disclosed by CPANSec.
File overwrite and information disclosure in Crypt::DSA through version 1.19 for Perl expose systems where user-controlled input reaches the library's key handling routines. The root cause is use of Perl's 2-argument open() form in lib/Crypt/DSA/Key.pm, which interprets leading or trailing special characters in filenames as I/O mode specifiers, enabling reads from or writes to arbitrary files. CVSS rates this AV:N/AC:L/PR:N/UI:N (Medium, 6.5), though actual exposure depends on application-level code paths; EPSS is 0.01% and this CVE is not in CISA KEV, indicating no public exploit identified at time of analysis.
Heap out-of-bounds read in Crypt::Argon2 for Perl (versions 0.017 through 0.030) exposes applications to process crash or heap memory leakage when argon2_verify is called with an empty encoded hash string. The defect is a size_t integer underflow: the auto-detect variant of argon2_verify subtracts 1 from encoded_len without a zero-check, wrapping to SIZE_MAX and causing memchr to scan up to SIZE_MAX bytes of adjacent heap memory. No public exploit has been identified and no CISA KEV listing exists; EPSS is 0.03% (9th percentile), consistent with the SSVC assessment of exploitation status 'none'.
Weak salt generation in Crypt::PasswdMD5 (Perl) through version 1.42 enables password hash cracking via predictable random values. The module uses Perl's built-in rand() function for salt generation instead of cryptographically secure random sources, allowing attackers to predict salt values and drastically reduce the computational cost of offline password cracking attacks. CVSS 7.5 (High) with network vector and no authentication required. SSVC assessment indicates the vulnerability is automatable with partial technical impact. EPSS and KEV data not provided, but the cryptographic weakness is architecturally exploitable wherever these password hashes are transmitted or stored in accessible locations.
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. [CVSS 7.5 HIGH]
Perl Crypt::NaCl::Sodium module through 2.002 has potential integer overflows in cryptographic operations that could weaken security guarantees.
Heap buffer overflow in Crypt::SysRandom::XS before version 0.010 allows denial of service through negative length parameter validation bypass in the random_bytes() function. When negative values are passed to the function, integer wraparound causes incorrect memory allocation and unbounded writes to heap memory, triggering application crashes. Exploitation requires attacker control over the length argument, which in typical usage is hardcoded, limiting practical attack scenarios.
Integer overflow in Crypt::NaCl::Sodium Perl module through version 2.001 on 32-bit systems. The Sodium.xs binding casts a size_t to int, causing overflow that could compromise cryptographic operations.
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce and the private key are drawn from makerandom. Because the high bit is always set, the result is not uniform: its top bit is fixed, producing insecure values." An attacker who collects a modest number of signatures under an affected key, together with the public key, can recover the private key with a lattice attack. Keys used to sign with an affected version should be considered compromised and new keys should be generated.
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.
Crypt::PBKDF2 for Perl prior to version 0.261630 ships with critically weak password-hashing defaults - HMAC-SHA1 as the pseudorandom function and only 1,000 iterations - leaving derived keys and stored passwords highly vulnerable to offline brute-force attacks. Applications that do not explicitly override these defaults expose any compromised credential store to cracking at rates orders of magnitude faster than OWASP-recommended configurations (220,000-1,400,000 iterations depending on algorithm). No public exploit is identified at time of analysis and the CVE is not listed in CISA KEV, but the structural nature of CWE-916 means all previously generated hashes using the weak defaults remain exploitable even after upgrading the library unless proactively rehashed.
Predictable salt generation in the Perl Crypt::PBKDF2 module before version 0.261630 weakens the cryptographic strength of derived password hashes. The module uses Perl's built-in rand() function - a non-cryptographic PRNG - to generate salt values, making salts guessable and enabling precomputation attacks against stored password hashes. No public exploit identified at time of analysis, but a vendor patch is available and the issue was responsibly disclosed by CPANSec.
File overwrite and information disclosure in Crypt::DSA through version 1.19 for Perl expose systems where user-controlled input reaches the library's key handling routines. The root cause is use of Perl's 2-argument open() form in lib/Crypt/DSA/Key.pm, which interprets leading or trailing special characters in filenames as I/O mode specifiers, enabling reads from or writes to arbitrary files. CVSS rates this AV:N/AC:L/PR:N/UI:N (Medium, 6.5), though actual exposure depends on application-level code paths; EPSS is 0.01% and this CVE is not in CISA KEV, indicating no public exploit identified at time of analysis.
Heap out-of-bounds read in Crypt::Argon2 for Perl (versions 0.017 through 0.030) exposes applications to process crash or heap memory leakage when argon2_verify is called with an empty encoded hash string. The defect is a size_t integer underflow: the auto-detect variant of argon2_verify subtracts 1 from encoded_len without a zero-check, wrapping to SIZE_MAX and causing memchr to scan up to SIZE_MAX bytes of adjacent heap memory. No public exploit has been identified and no CISA KEV listing exists; EPSS is 0.03% (9th percentile), consistent with the SSVC assessment of exploitation status 'none'.
Weak salt generation in Crypt::PasswdMD5 (Perl) through version 1.42 enables password hash cracking via predictable random values. The module uses Perl's built-in rand() function for salt generation instead of cryptographically secure random sources, allowing attackers to predict salt values and drastically reduce the computational cost of offline password cracking attacks. CVSS 7.5 (High) with network vector and no authentication required. SSVC assessment indicates the vulnerability is automatable with partial technical impact. EPSS and KEV data not provided, but the cryptographic weakness is architecturally exploitable wherever these password hashes are transmitted or stored in accessible locations.
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. [CVSS 7.5 HIGH]
Perl Crypt::NaCl::Sodium module through 2.002 has potential integer overflows in cryptographic operations that could weaken security guarantees.
Heap buffer overflow in Crypt::SysRandom::XS before version 0.010 allows denial of service through negative length parameter validation bypass in the random_bytes() function. When negative values are passed to the function, integer wraparound causes incorrect memory allocation and unbounded writes to heap memory, triggering application crashes. Exploitation requires attacker control over the length argument, which in typical usage is hardcoded, limiting practical attack scenarios.
Integer overflow in Crypt::NaCl::Sodium Perl module through version 2.001 on 32-bit systems. The Sodium.xs binding casts a size_t to int, causing overflow that could compromise cryptographic operations.
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.