Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
Description
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium.
libsodium <= 1.0.20, or any version of libsodium released before December 30, 2025, contains a vulnerability documented as CVE-2025-69277 (https://www.cve.org/CVERecord?id=CVE-2025-69277).
The libsodium vulnerability description states:
In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
Version 0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.
Affected products
- Crypt::Sodium::XS (Perl), range: < 0.000042
- osv-coords, 14 versions:
- pkg:rpm/opensuse/libsodium&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 1.0.18-150000.4.11.1
- pkg:rpm/opensuse/libsodium&distro=openSUSE%20Leap%2016.0 (no CPE), range: < 1.0.20-160000.3.1
- pkg:rpm/opensuse/libsodium&distro=openSUSE%20Tumbleweed (no CPE), range: < 1.0.21-1.1
- pkg:rpm/suse/libsodium&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 1.0.18-150000.4.11.1
- pkg:rpm/suse/libsodium&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE), range: < 1.0.18-150000.4.11.1
- pkg:rpm/suse/libsodium&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE), range: < 1.0.18-150000.4.11.1
- pkg:rpm/suse/libsodium&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 1.0.18-150000.4.11.1
- pkg:rpm/suse/libsodium&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE), range: < 1.0.18-150000.4.11.1
- pkg:rpm/suse/libsodium&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012 (no CPE), range: < 1.0.16-1.12.1
- pkg:rpm/suse/libsodium&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE), range: < 1.0.20-160000.3.1
- pkg:rpm/suse/libsodium&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE), range: < 1.0.20-160000.3.1
- pkg:rpm/suse/libsodium&distro=SUSE%20Linux%20Micro%206.0 (no CPE), range: < 1.0.18-4.1
- pkg:rpm/suse/libsodium&distro=SUSE%20Linux%20Micro%206.1 (no CPE), range: < 1.0.18-slfo.1.1_2.1
- pkg:rpm/suse/libsodium&distro=SUSE%20Linux%20Micro%206.2 (no CPE), range: < 1.0.20-160000.3.1