rpm package
opensuse/perl-CryptX&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/perl-CryptX&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41565 | High | 7.5 | | < 0.89.0-2.1 | 0.89.0-2.1 | May 28, 2026 | CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers. The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 1 |
| CVE-2026-41564 | High | 7.5 | | < 0.89.0-1.1 | 0.89.0-1.1 | Apr 23, 2026 | CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without |
| CVE-2025-40914 | Critical | 9.8 | | < 0.87.0-1.1 | 0.87.0-1.1 | Jun 11, 2025 | Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328. |
| CVE-2018-25099 | Critical | 9.8 | | < 0.80.0-3.1 | 0.80.0-3.1 | Mar 18, 2024 | In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag. |