Cryptx
Monthly
Non-constant-time AEAD authentication tag comparison in CryptX before 0.088_001 for Perl exposes a timing oracle in the streaming decrypt_done path, enabling authentication tag forgery across five AEAD cipher modes: GCM, CCM, ChaCha20Poly1305, EAX, and OCB. An attacker who can submit many candidate tags for a fixed nonce and ciphertext while precisely measuring response timing can recover the expected tag byte-by-byte and forge authenticated messages. No public exploit code exists and CISA has not listed this in KEV; EPSS is 0.23% (13th percentile), consistent with SSVC's 'Exploitation: none' rating at time of disclosure.
Denial-of-service via stack buffer overflow in CryptX (Perl cryptography module) versions before 0.088_001 affects four AEAD decryption helpers that copy attacker-controlled authentication tags into a fixed 144-byte stack buffer without bounds checking. Remote attackers can crash any Perl application that passes untrusted tags to gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify, or eax_decrypt_verify, resulting in process termination. No public exploit identified at time of analysis, and EPSS scoring (0.04%, 13th percentile) reflects low expected exploitation activity despite the network attack vector.
PRNG state reuse across forked processes in CryptX for Perl allows remote attackers to recover private signing keys through cryptographic nonce-reuse attacks. When Crypt::PK objects are created before fork() in preforking web servers like Starman, every child process inherits identical PRNG state, causing duplicate randomness in cryptographic operations. Two ECDSA or DSA signatures generated by different worker processes are sufficient to mathematically recover the private key. EPSS exploitation probability is low (0.02%), but CISA SSVC framework confirms proof-of-concept availability and automatable exploitation. Vendor patch released in CryptX 0.088.
Non-constant-time AEAD authentication tag comparison in CryptX before 0.088_001 for Perl exposes a timing oracle in the streaming decrypt_done path, enabling authentication tag forgery across five AEAD cipher modes: GCM, CCM, ChaCha20Poly1305, EAX, and OCB. An attacker who can submit many candidate tags for a fixed nonce and ciphertext while precisely measuring response timing can recover the expected tag byte-by-byte and forge authenticated messages. No public exploit code exists and CISA has not listed this in KEV; EPSS is 0.23% (13th percentile), consistent with SSVC's 'Exploitation: none' rating at time of disclosure.
Denial-of-service via stack buffer overflow in CryptX (Perl cryptography module) versions before 0.088_001 affects four AEAD decryption helpers that copy attacker-controlled authentication tags into a fixed 144-byte stack buffer without bounds checking. Remote attackers can crash any Perl application that passes untrusted tags to gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify, or eax_decrypt_verify, resulting in process termination. No public exploit identified at time of analysis, and EPSS scoring (0.04%, 13th percentile) reflects low expected exploitation activity despite the network attack vector.
PRNG state reuse across forked processes in CryptX for Perl allows remote attackers to recover private signing keys through cryptographic nonce-reuse attacks. When Crypt::PK objects are created before fork() in preforking web servers like Starman, every child process inherits identical PRNG state, causing duplicate randomness in cryptographic operations. Two ECDSA or DSA signatures generated by different worker processes are sufficient to mathematically recover the private key. EPSS exploitation probability is low (0.02%), but CISA SSVC framework confirms proof-of-concept availability and automatable exploitation. Vendor patch released in CryptX 0.088.