Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
95 vulnerabilities
CVE-2026-40561 (GCVE-0-2026-40561)
Vulnerability from cvelistv5 – Published: 2026-05-03 00:57 – Updated: 2026-05-04 13:54
VLAI?
Title
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Summary
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.
An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
Severity ?
5.3 (Medium)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-03T03:04:55.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/03/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-40561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T13:54:42.679845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T13:54:47.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Starlet",
"product": "Starlet",
"programFiles": [
"lib/Starlet/Server.pm"
],
"programRoutines": [
{
"name": "Starlet::Server::handle_connection"
}
],
"repo": "https://github.com/kazuho/Starlet",
"vendor": "KAZUHO",
"versions": [
{
"lessThanOrEqual": "0.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CPANSec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence.\n\nStarlet incorrectly prioritizes \"Content-Length\" over \"Transfer-Encoding: chunked\" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.\n\nAn attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy."
}
],
"impacts": [
{
"capecId": "CAPEC-33",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-33 HTTP Request Smuggling"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-03T00:57:31.519Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kazuho/Starlet/commit/a7d5dfd1862aafa43e5eaca0fdb6acf4cc15b2d0.patch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-12T00:00:00.000Z",
"value": "Issue identified"
},
{
"lang": "en",
"time": "2026-04-28T00:00:00.000Z",
"value": "Maintainer notified"
},
{
"lang": "en",
"time": "2026-05-02T00:00:00.000Z",
"value": "Determined that the issue was already public on GitHub"
}
],
"title": "Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence",
"workarounds": [
{
"lang": "en",
"value": "Migrate to Starman 0.4018 or later which has fixed this issue or apply the patch."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-40561",
"datePublished": "2026-05-03T00:57:31.519Z",
"dateReserved": "2026-04-14T11:35:53.644Z",
"dateUpdated": "2026-05-04T13:54:47.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5080 (GCVE-0-2026-5080)
Vulnerability from cvelistv5 – Published: 2026-04-30 11:49 – Updated: 2026-04-30 18:29
VLAI?
Title
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely
Summary
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely.
The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times.
The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations.
The epoch time can be guessed by an attacker, and may be leaked in the HTTP header.
The process id comes from a small set of numbers, and workers may have sequential process ids.
The built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications.
Predictable session ids could allow an attacker to gain access to systems.
Severity ?
5.9 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BIGPRESH | Dancer::Session::Abstract |
Affected:
0 , ≤ 1.3522
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:24:08.225699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:34:16.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-30T18:29:20.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Dancer",
"product": "Dancer::Session::Abstract",
"programFiles": [
"lib/Dancer/Session/Abstract.pm"
],
"programRoutines": [
{
"name": "Dancer::Session::Abstract::build_id"
}
],
"repo": "https://github.com/PerlDancer/Dancer",
"vendor": "BIGPRESH",
"versions": [
{
"lessThanOrEqual": "1.3522",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely.\n\nThe session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times.\n\nThe path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations.\n\nThe epoch time can be guessed by an attacker, and may be leaked in the HTTP header.\n\nThe process id comes from a small set of numbers, and workers may have sequential process ids.\n\nThe built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications.\n\nPredictable session ids could allow an attacker to gain access to systems."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T11:49:29.736Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://security.metacpan.org/patches/D/Dancer/1.3522/CVE-2026-5080-r1.patch"
},
{
"url": "https://metacpan.org/release/BIGPRESH/Dancer-1.3522/source/lib/Dancer/Session/Abstract.pm#L85-102"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely",
"workarounds": [
{
"lang": "en",
"value": "Apply the linked patch."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-5080",
"datePublished": "2026-04-30T11:49:29.736Z",
"dateReserved": "2026-03-28T19:06:14.484Z",
"dateUpdated": "2026-04-30T18:29:20.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7381 (GCVE-0-2026-7381)
Vulnerability from cvelistv5 – Published: 2026-04-29 22:13 – Updated: 2026-04-30 13:18
VLAI?
Title
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting
Summary
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting.
Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the Plack environment.
A malicious client can set the X-Sendfile-Type header to "X-Accel-Redirect" to services running behind nginx reverse proxies, and then set the X-Accel-Mapping to map the path to an arbitrary file on the server.
Since 1.0053, Plack::Middleware::XSendfile is deprecated and will be removed from future releases of Plack.
This is similar to CVE-2025-61780 for Rack::Sendfile, although Plack::Middleware::XSendfile has some mitigations that disallow regular expressions to be used in the mapping, and only apply the mapping for the "X-Accel-Redirect" type.
Severity ?
9.1 (Critical)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MIYAGAWA | Plack::Middleware::XSendfile |
Affected:
0 , ≤ 1.0053
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-7381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:18:16.234435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:18:45.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Plack",
"product": "Plack::Middleware::XSendfile",
"programFiles": [
"lib/Plack/Middleware::XSendfile.pm"
],
"repo": "https://github.com/plack/Plack",
"vendor": "MIYAGAWA",
"versions": [
{
"lessThanOrEqual": "1.0053",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CPANSec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting.\n\nPlack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the Plack environment.\n\nA malicious client can set the X-Sendfile-Type header to \"X-Accel-Redirect\" to services running behind nginx reverse proxies, and then set the X-Accel-Mapping to map the path to an arbitrary file on the server.\n\nSince 1.0053, Plack::Middleware::XSendfile is deprecated and will be removed from future releases of Plack.\n\nThis is similar to CVE-2025-61780 for Rack::Sendfile, although Plack::Middleware::XSendfile has some mitigations that disallow regular expressions to be used in the mapping, and only apply the mapping for the \"X-Accel-Redirect\" type."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy or Intermediary",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:13:35.351Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/MIYAGAWA/Plack-1.0053/changes"
},
{
"tags": [
"technical-description"
],
"url": "https://metacpan.org/release/MIYAGAWA/Plack-1.0053/view/lib/Plack/Middleware/XSendfile.pm#DEPRECATION-NOTICE"
},
{
"tags": [
"related"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61780"
}
],
"solutions": [
{
"lang": "en",
"value": "Users are encouraged to set the appropriate header directly in their applications, or write their own middleware layer that does not allow configuration to be passed via HTTP request headers."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-10-10T00:00:00.000Z",
"value": "Issue for Rack::Sendfile reported"
},
{
"lang": "en",
"time": "2026-04-27T00:00:00.000Z",
"value": "Issue reported to maintainer of Plack"
},
{
"lang": "en",
"time": "2025-04-28T00:00:00.000Z",
"value": "Plack 1.0052 released with improved security documentation in Plack::Middleware::XSendfile"
},
{
"lang": "en",
"time": "2025-04-29T00:00:00.000Z",
"value": "Plack 1.0053 released that deprecates Plack::Middleware::XSendfile"
}
],
"title": "Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting",
"workarounds": [
{
"lang": "en",
"value": "Users can configure the X-Sendfile-Type in the middleware constructor, and the reverse proxy to unset the X-Sendfile-Type header and (on nginx) the X-Accel-Mapping request header."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-7381",
"datePublished": "2026-04-29T22:13:35.351Z",
"dateReserved": "2026-04-29T07:43:55.519Z",
"dateUpdated": "2026-04-30T13:18:45.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7111 (GCVE-0-2026-7111)
Vulnerability from cvelistv5 – Published: 2026-04-29 14:22 – Updated: 2026-04-29 17:49
VLAI?
Title
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption
Summary
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.
The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead.
Calling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.
Severity ?
8.4 (High)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HMBRAND | Text::CSV_XS |
Affected:
0 , < 1.62
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-29T16:33:25.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/29/17"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-7111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T17:49:05.158465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T17:49:17.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Text-CSV_XS",
"product": "Text::CSV_XS",
"programFiles": [
"CSV_XS.xs"
],
"programRoutines": [
{
"name": "Text::CSV_XS::Parse"
},
{
"name": "Text::CSV_XS::print"
},
{
"name": "Text::CSV_XS::getline"
},
{
"name": "Text::CSV_XS::getline_all"
}
],
"repo": "https://github.com/cpan-authors/Text-CSV_XS",
"vendor": "HMBRAND",
"versions": [
{
"lessThan": "1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Leon Timmermans"
}
],
"descriptions": [
{
"lang": "en",
"value": "Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.\n\nThe Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead.\n\nCalling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-825",
"description": "CWE-825 Expired Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T14:22:29.358Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/cpan-authors/Text-CSV_XS/commit/c17f31a5f2bf36674748eb4b6e25672f0571a224.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/HMBRAND/Text-CSV_XS-1.62/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to 1.62 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-25T00:00:00.000Z",
"value": "Fix committed to public Github repository"
},
{
"lang": "en",
"time": "2026-04-26T00:00:00.000Z",
"value": "CVE number reserved"
},
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Version 1.62 with the fix released to CPAN"
}
],
"title": "Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-7111",
"datePublished": "2026-04-29T14:22:29.358Z",
"dateReserved": "2026-04-26T15:31:25.111Z",
"dateUpdated": "2026-04-29T17:49:17.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40560 (GCVE-0-2026-40560)
Vulnerability from cvelistv5 – Published: 2026-04-28 23:46 – Updated: 2026-04-29 19:06
VLAI?
Title
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Summary
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.
An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
Severity ?
7.5 (High)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-29T03:04:48.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/29/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-40560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T13:30:17.148319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T13:30:33.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Starman",
"product": "Starman",
"programFiles": [
"lib/Starman/Server.pm"
],
"programRoutines": [
{
"name": "Starman::Server::_prepare_env"
}
],
"repo": "https://github.com/miyagawa/Starman",
"vendor": "MIYAGAWA",
"versions": [
{
"lessThan": "0.4018",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CPANSec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence.\n\nStarman incorrectly prioritizes \"Content-Length\" over \"Transfer-Encoding: chunked\" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.\n\nAn attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy."
}
],
"impacts": [
{
"capecId": "CAPEC-33",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-33 HTTP Request Smuggling"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T19:06:02.932Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/miyagawa/Starman/commit/ced205f0805027e9d9c0731f8c40b104220604ed.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/MIYAGAWA/Starman-0.4018/changes"
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.4018"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-12T00:00:00.000Z",
"value": "Issue identified by CPANSec"
},
{
"lang": "en",
"time": "2026-04-27T00:00:00.000Z",
"value": "Issue reported to software maintainer"
},
{
"lang": "en",
"time": "2026-04-27T00:00:00.000Z",
"value": "Fix committed to public Github repository"
},
{
"lang": "en",
"time": "2026-04-27T00:00:00.000Z",
"value": "Updated version uploaded to CPAN"
}
],
"title": "Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-40560",
"datePublished": "2026-04-28T23:46:37.780Z",
"dateReserved": "2026-04-14T11:35:53.644Z",
"dateUpdated": "2026-04-29T19:06:02.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7040 (GCVE-0-2026-7040)
Vulnerability from cvelistv5 – Published: 2026-04-27 12:29 – Updated: 2026-05-01 16:03
VLAI?
Title
Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters
Summary
Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters.
The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption.
Note that the minify_utf8 function is an alias for minify.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RRWO | Text::Minify::XS |
Affected:
0.3.0 , < 0.7.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-7040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T14:19:18.048714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T14:20:30.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-27T16:33:01.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/27/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Text-Minify-XS",
"product": "Text::Minify::XS",
"programFiles": [
"XS.xs"
],
"programRoutines": [
{
"name": "Text::Minify::XS::minify"
},
{
"name": "Text::Minify::XS::minify_utf8"
}
],
"repo": "https://github.com/robrwo/Text-Minify-XS",
"vendor": "RRWO",
"versions": [
{
"lessThan": "0.7.8",
"status": "affected",
"version": "0.3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CPANSec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters.\n\nThe minify functions mishandled some malformed UTF-8 characters, leading to heap corruption.\n\nNote that the minify_utf8 function is an alias for minify."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-176",
"description": "CWE-176 Improper Handling of Unicode Encoding",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:03:02.431Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/robrwo/Text-Minify-XS/security/advisories/GHSA-jqhf-vv4h-77h2"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/RRWO/Text-Minify-XS-v0.7.8/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to v0.7.8 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-23T00:00:00.000Z",
"value": "This issue was identified by CPANSec"
},
{
"lang": "en",
"time": "2025-04-25T00:00:00.000Z",
"value": "Fix uploaded to CPAN"
}
],
"title": "Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters",
"workarounds": [
{
"lang": "en",
"value": "Validate that all strings passed to the minify and minify_utf8 functions."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-7040",
"datePublished": "2026-04-27T12:29:53.967Z",
"dateReserved": "2026-04-25T15:53:43.870Z",
"dateUpdated": "2026-05-01T16:03:02.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41564 (GCVE-0-2026-41564)
Vulnerability from cvelistv5 – Published: 2026-04-23 07:29 – Updated: 2026-04-23 13:05
VLAI?
Title
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking
Summary
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.
The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte-identical PRNG state with every child process, and any randomized operation they perform can produce identical output, including key generation. Two ECDSA or DSA signatures from different processes are enough to recover the signing private key through nonce-reuse key recovery.
This affects preforking services such as the Starman web server, where a Crypt::PK::* object loaded at startup is inherited by every worker process.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-23T09:33:41.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/23/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-41564",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:05:18.115917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:05:22.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "CryptX",
"product": "CryptX",
"programFiles": [
"inc/CryptX_PK_RSA.xs.inc",
"inc/CryptX_PK_DSA.xs.inc",
"inc/CryptX_PK_DH.xs.inc",
"inc/CryptX_PK_ECC.xs.inc",
"inc/CryptX_PK_Ed25519.xs.inc",
"inc/CryptX_PK_X25519.xs.inc"
],
"repo": "https://github.com/DCIT/perl-CryptX",
"vendor": "MIK",
"versions": [
{
"lessThan": "0.088",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.\n\nThe Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte-identical PRNG state with every child process, and any randomized operation they perform can produce identical output, including key generation. Two ECDSA or DSA signatures from different processes are enough to recover the signing private key through nonce-reuse key recovery.\n\nThis affects preforking services such as the Starman web server, where a Crypt::PK::* object loaded at startup is inherited by every worker process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-335",
"description": "CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T07:29:26.340Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6"
},
{
"tags": [
"patch"
],
"url": "https://github.com/DCIT/perl-CryptX/commit/9a1dd3e0c27d68e32450be5538b864c2b115ee15.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/MIK/CryptX-0.088"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to CryptX 0.088 or later, or apply the upstream patch.\n\nApplying the fix does not retroactively protect keys that may already have been exposed. On an affected version, any private key used with or generated by a Crypt::PK::* object created before `fork()` should be assessed for rotation."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-18T00:00:00.000Z",
"value": "Issue discovered."
},
{
"lang": "en",
"time": "2026-04-21T00:00:00.000Z",
"value": "Reported to upstream maintainer."
},
{
"lang": "en",
"time": "2026-04-23T00:00:00.000Z",
"value": "CryptX 0.088 released with fix."
}
],
"title": "CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-41564",
"datePublished": "2026-04-23T07:29:26.340Z",
"dateReserved": "2026-04-21T12:45:20.132Z",
"dateUpdated": "2026-04-23T13:05:22.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15638 (GCVE-0-2025-15638)
Vulnerability from cvelistv5 – Published: 2026-04-21 15:34 – Updated: 2026-04-21 16:23
VLAI?
Title
Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt
Summary
Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt.
Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437.
Severity ?
10 (Critical)
CWE
- CWE-1395 - Dependency on Vulnerable Third-Party Component
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ATRODO | Net::Dropbear |
Affected:
0 , < 0.14
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-15638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T16:22:48.674288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T16:23:17.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Net-Dropbear",
"product": "Net::Dropbear",
"repo": "https://github.com/atrodo/Net-Dropbear",
"vendor": "ATRODO",
"versions": [
{
"lessThan": "0.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt.\n\nNet::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T15:34:18.988Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6129"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12437"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2025-15638",
"datePublished": "2026-04-21T15:34:18.988Z",
"dateReserved": "2026-04-20T12:20:50.153Z",
"dateUpdated": "2026-04-21T16:23:17.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-20230 (GCVE-0-2017-20230)
Vulnerability from cvelistv5 – Published: 2026-04-21 15:26 – Updated: 2026-04-21 18:22
VLAI?
Title
Storable versions before 3.05 for Perl has a stack overflow
Summary
Storable versions before 3.05 for Perl has a stack overflow.
The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.
Severity ?
10 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-20230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T16:28:22.354136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T16:29:10.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-21T18:22:25.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/21/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Storable",
"product": "Storable",
"repo": "https://github.com/Perl/perl5/",
"vendor": "NWCLARK",
"versions": [
{
"lessThan": "3.05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Storable versions before 3.05 for Perl has a stack overflow.\n\nThe retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T15:30:39.000Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Perl/perl5/issues/15831"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/RURBAN/Storable-3.05/changes"
},
{
"tags": [
"mailing-list"
],
"url": "https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html"
},
{
"tags": [
"mailing-list"
],
"url": "https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Storable version 3.05 or newer."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2017-01-24T00:00:00.000Z",
"value": "Perl bug RT1 30635 reported."
},
{
"lang": "en",
"time": "2017-01-25T00:00:00.000Z",
"value": "Patch committed."
},
{
"lang": "en",
"time": "2017-01-29T00:00:00.000Z",
"value": "Storable version 3.05 released."
},
{
"lang": "en",
"time": "2018-02-20T00:00:00.000Z",
"value": "Perl v5.27.9 released with Storable 3.06."
},
{
"lang": "en",
"time": "2018-10-06T00:00:00.000Z",
"value": "issue assigned CPANSA-Storable-2017-01 in the CPANSA distribution."
}
],
"title": "Storable versions before 3.05 for Perl has a stack overflow",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2017-20230",
"datePublished": "2026-04-21T15:26:18.216Z",
"dateReserved": "2026-03-28T19:24:26.125Z",
"dateUpdated": "2026-04-21T18:22:25.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5088 (GCVE-0-2026-5088)
Vulnerability from cvelistv5 – Published: 2026-04-15 07:03 – Updated: 2026-05-01 16:03
VLAI?
Title
Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts
Summary
Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts.
The _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply return 16 bytes generated with Perl's built-in rand function.
The rand function is unsuitable for cryptographic use.
These salts are used for password hashing.
Severity ?
7.5 (High)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JDEGUEST | Apache::API::Password |
Affected:
0 , ≤ 0.5.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-15T17:24:20.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/15/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/15/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T11:59:31.300289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T12:05:32.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Apache2-API",
"product": "Apache::API::Password",
"programFiles": [
"lib/Apache2/API.pm"
],
"programRoutines": [
{
"name": "Apache2::API::Password::_make_salt"
},
{
"name": "Apache2::API::Password::_make_salt_bcrypt"
}
],
"repo": "https://gitlab.com/jackdeguest/Apache2-API",
"vendor": "JDEGUEST",
"versions": [
{
"lessThanOrEqual": "0.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts.\n\nThe _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply return 16 bytes generated with Perl\u0027s built-in rand function.\n\nThe rand function is unsuitable for cryptographic use.\n\nThese salts are used for password hashing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:03:43.825Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/JDEGUEST/Apache2-API-v0.5.3/changes"
},
{
"tags": [
"related"
],
"url": "https://metacpan.org/release/JDEGUEST/Apache2-API-v0.5.2/view/lib/Apache2/API/Password.pod"
},
{
"tags": [
"technical-description"
],
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
},
{
"url": "https://metacpan.org/pod/Crypt::URandom"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version v0.5.3 or later, and install Crypt::URandom."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts",
"workarounds": [
{
"lang": "en",
"value": "Install Crypt::URandom."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-5088",
"datePublished": "2026-04-15T07:03:13.742Z",
"dateReserved": "2026-03-28T19:31:47.729Z",
"dateUpdated": "2026-05-01T16:03:43.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5086 (GCVE-0-2026-5086)
Vulnerability from cvelistv5 – Published: 2026-04-13 22:54 – Updated: 2026-04-15 20:03
VLAI?
Title
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks
Summary
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.
For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.
Severity ?
7.5 (High)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NERDVANA | Crypt::SecretBuffer |
Affected:
0 , < 0.019
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-04-14T01:34:38.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/13/12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T19:59:41.270630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T20:03:28.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-SecretBuffer",
"product": "Crypt::SecretBuffer",
"programFiles": [
"SecretBuffer.xs"
],
"programRoutines": [
{
"name": "Crypt::SecretBuffer::memcmp"
}
],
"repo": "https://github.com/nrdvana/perl-Crypt-SecretBuffer",
"vendor": "NERDVANA",
"versions": [
{
"lessThan": "0.019",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.\n\nFor example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T22:54:53.724Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-0.019/source/Changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.019 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-5086",
"datePublished": "2026-04-13T22:54:53.724Z",
"dateReserved": "2026-03-28T19:22:27.564Z",
"dateUpdated": "2026-04-15T20:03:28.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5085 (GCVE-0-2026-5085)
Vulnerability from cvelistv5 – Published: 2026-04-13 06:56 – Updated: 2026-04-13 15:30
VLAI?
Title
Solstice::Session versions through 1440 for Perl generates session ids insecurely
Summary
Solstice::Session versions through 1440 for Perl generates session ids insecurely.
The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id.
The same method is used in the _generateID method in Solstice::Subsession, which is part of the same distribution.
The epoch time may be guessed, if it is not leaked in the HTTP Date header. Stringified hash refences will contain predictable content. The built-in rand() function is seeded by 16-bits and is unsuitable for security purposes. The process id comes from a small set of numbers.
Predictable session ids could allow an attacker to gain access to systems.
Severity ?
9.1 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MCRAWFOR | Solstice::Session |
Affected:
0 , ≤ 1440
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T14:27:45.409795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:29:29.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-13T15:30:06.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/13/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Solstice",
"product": "Solstice::Session",
"programFiles": [
"lib/Solstice/Session.pm",
"lib/Solstice/Subsession.pm"
],
"programRoutines": [
{
"name": "Solstice::Session::_generateSessionID"
},
{
"name": "Solstice::Subsession::_generateID"
}
],
"vendor": "MCRAWFOR",
"versions": [
{
"lessThanOrEqual": "1440",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Solstice::Session versions through 1440 for Perl generates session ids insecurely.\n\nThe _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id.\n\nThe same method is used in the _generateID method in Solstice::Subsession, which is part of the same distribution.\n\nThe epoch time may be guessed, if it is not leaked in the HTTP Date header. Stringified hash refences will contain predictable content. The built-in rand() function is seeded by 16-bits and is unsuitable for security purposes. The process id comes from a small set of numbers.\n\nPredictable session ids could allow an attacker to gain access to systems."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T06:56:14.964Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://metacpan.org/dist/Solstice/source/lib/Solstice/Session.pm#L481"
},
{
"url": "https://metacpan.org/dist/Solstice/source/lib/Solstice/Subsession.pm#L105"
},
{
"tags": [
"technical-description"
],
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Solstice::Session versions through 1440 for Perl generates session ids insecurely",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-5085",
"datePublished": "2026-04-13T06:56:14.964Z",
"dateReserved": "2026-03-28T19:20:25.997Z",
"dateUpdated": "2026-04-13T15:30:06.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40199 (GCVE-0-2026-40199)
Vulnerability from cvelistv5 – Published: 2026-04-10 21:49 – Updated: 2026-04-13 14:37
VLAI?
Title
Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass
Summary
Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass.
_pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of 17 bytes, misaligning the IPv4 part of the address.
The wrong length causes incorrect results in mask operations (bitwise AND truncates to the shorter operand) and in find() / bin_find() which use Perl string comparison (lt/gt). This can cause find() to incorrectly match or miss addresses.
Example:
my $cidr = Net::CIDR::Lite->new("::ffff:192.168.1.0/120");
$cidr->find("::ffff:192.168.2.0"); # incorrectly returns true
This is triggered by valid RFC 4291 IPv4 mapped addresses (::ffff:x.x.x.x).
See also CVE-2026-40198, a related issue in the same function affecting malformed IPv6 addresses.
Severity ?
6.5 (Medium)
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| STIGTSP | Net::CIDR::Lite |
Affected:
0 , < 0.23
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-40199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T14:35:14.617789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:37:18.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Net-CIDR-Lite",
"product": "Net::CIDR::Lite",
"programFiles": [
"Lite.pm"
],
"programRoutines": [
{
"name": "Net::CIDR::Lite::_pack_ipv6"
}
],
"repo": "https://github.com/stigtsp/Net-CIDR-Lite",
"vendor": "STIGTSP",
"versions": [
{
"lessThan": "0.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass.\n\n_pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of 17 bytes, misaligning the IPv4 part of the address.\n\nThe wrong length causes incorrect results in mask operations (bitwise AND truncates to the shorter operand) and in find() / bin_find() which use Perl string comparison (lt/gt). This can cause find() to incorrectly match or miss addresses.\n\nExample:\n\n my $cidr = Net::CIDR::Lite-\u003enew(\"::ffff:192.168.1.0/120\");\n $cidr-\u003efind(\"::ffff:192.168.2.0\"); # incorrectly returns true\n\nThis is triggered by valid RFC 4291 IPv4 mapped addresses (::ffff:x.x.x.x).\n\nSee also CVE-2026-40198, a related issue in the same function affecting malformed IPv6 addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T21:49:48.353Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/stigtsp/Net-CIDR-Lite/commit/b7166b1fa17b3b14b4c795ace5b3fbf71a0bd04a.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.23/changes"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40198"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.23 or newer, or apply the patch provided."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-09T00:00:00.000Z",
"value": "Vulnerability found"
},
{
"lang": "en",
"time": "2026-04-10T00:00:00.000Z",
"value": "Net-CIDR-Lite version 0.23 released"
}
],
"title": "Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-40199",
"datePublished": "2026-04-10T21:49:48.353Z",
"dateReserved": "2026-04-09T22:12:06.334Z",
"dateUpdated": "2026-04-13T14:37:18.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40198 (GCVE-0-2026-40198)
Vulnerability from cvelistv5 – Published: 2026-04-10 21:42 – Updated: 2026-04-13 14:41
VLAI?
Title
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass
Summary
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass.
_pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of wrong length (3, 7, or 15 bytes instead of 17).
The packed values are used internally for mask and comparison operations. find() and bin_find() use Perl string comparison (lt/gt) on these values, and comparing strings of different lengths gives wrong results. This can cause find() to incorrectly report an address as inside or outside a range.
Example:
my $cidr = Net::CIDR::Lite->new("::/8");
$cidr->find("1:2:3"); # invalid input, incorrectly returns true
This is the same class of input validation issue as CVE-2021-47154 (IPv4 leading zeros) previously fixed in this module.
See also CVE-2026-40199, a related issue in the same function affecting IPv4 mapped IPv6 addresses.
Severity ?
7.5 (High)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| STIGTSP | Net::CIDR::Lite |
Affected:
0 , < 0.23
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-40198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T14:41:19.772152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:41:59.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Net-CIDR-Lite",
"product": "Net::CIDR::Lite",
"programFiles": [
"Lite.pm"
],
"programRoutines": [
{
"name": "Net::CIDR::Lite::_pack_ipv6"
}
],
"repo": "https://github.com/stigtsp/Net-CIDR-Lite",
"vendor": "STIGTSP",
"versions": [
{
"lessThan": "0.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass.\n\n_pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like \"abcd\", \"1:2:3\", or \"1:2:3:4:5:6:7\" are accepted and produce packed values of wrong length (3, 7, or 15 bytes instead of 17).\n\nThe packed values are used internally for mask and comparison operations. find() and bin_find() use Perl string comparison (lt/gt) on these values, and comparing strings of different lengths gives wrong results. This can cause find() to incorrectly report an address as inside or outside a range.\n\nExample:\n\n my $cidr = Net::CIDR::Lite-\u003enew(\"::/8\");\n $cidr-\u003efind(\"1:2:3\"); # invalid input, incorrectly returns true\n\nThis is the same class of input validation issue as CVE-2021-47154 (IPv4 leading zeros) previously fixed in this module.\n\nSee also CVE-2026-40199, a related issue in the same function affecting IPv4 mapped IPv6 addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T21:42:06.835Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/stigtsp/Net-CIDR-Lite/commit/25d65f85dbe4885959a10471725ec9d250a589c3.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/STIGTSP/Net-CIDR-Lite-0.23/changes"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40199"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.23 or newer, or apply the patch provided."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-09T00:00:00.000Z",
"value": "Vulnerability found"
},
{
"lang": "en",
"time": "2026-04-10T00:00:00.000Z",
"value": "Net-CIDR-Lite version 0.23 released"
}
],
"title": "Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-40198",
"datePublished": "2026-04-10T21:42:06.835Z",
"dateReserved": "2026-04-09T22:12:06.334Z",
"dateUpdated": "2026-04-13T14:41:59.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5083 (GCVE-0-2026-5083)
Vulnerability from cvelistv5 – Published: 2026-04-08 05:53 – Updated: 2026-04-08 17:24
VLAI?
Title
Ado::Sessions versions through 0.935 for Perl generates insecure session ids
Summary
Ado::Sessions versions through 0.935 for Perl generates insecure session ids.
The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.
Predicable session ids could allow an attacker to gain access to systems.
Note that Ado is no longer maintained, and has been removed from the CPAN index. It is still available on BackPAN.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BEROV | Ado::Sessions |
Affected:
0 , ≤ 0.935
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T16:08:27.234472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:08:29.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-08T17:24:13.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Ado",
"product": "Ado::Sessions",
"programFiles": [
"lib/Ado/Session.pm"
],
"programRoutines": [
{
"name": "Ado::Sessions::generate_id"
}
],
"repo": "https://github.com/kberov/Ado",
"vendor": "BEROV",
"versions": [
{
"lessThanOrEqual": "0.935",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ado::Sessions versions through 0.935 for Perl generates insecure session ids.\n\nThe session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nPredicable session ids could allow an attacker to gain access to systems.\n\nNote that Ado is no longer maintained, and has been removed from the CPAN index. It is still available on BackPAN."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T05:53:16.963Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kberov/Ado/issues/112"
},
{
"url": "https://backpan.perl.org/authors/id/B/BE/BEROV/Ado-0.935.tar.gz"
},
{
"tags": [
"technical-description"
],
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2017-09-02T00:00:00.000Z",
"value": "Last version of Ado was released on CPAN."
},
{
"lang": "en",
"time": "2018-09-24T00:00:00.000Z",
"value": "Announcement that Ado will not be updated anymore."
}
],
"title": "Ado::Sessions versions through 0.935 for Perl generates insecure session ids",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-5083",
"datePublished": "2026-04-08T05:53:16.963Z",
"dateReserved": "2026-03-28T19:14:30.969Z",
"dateUpdated": "2026-04-08T17:24:13.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5082 (GCVE-0-2026-5082)
Vulnerability from cvelistv5 – Published: 2026-04-08 05:48 – Updated: 2026-04-08 16:09
VLAI?
Title
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id
Summary
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id.
The generate_session_id function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.
Amon2::Plugin::Web::CSRFDefender versions before 7.00 were part of Amon2, which was vulnerable to insecure session ids due to CVE-2025-15604.
Note that the author has deprecated this module.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TOKUHIROM | Amon2::Plugin::Web::CSRFDefender |
Affected:
7.00 , ≤ 7.03
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T16:09:08.752556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:09:26.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Amon2-Plugin-Web-CSRFDefender",
"product": "Amon2::Plugin::Web::CSRFDefender",
"programFiles": [
"lib/Amon2/Plugin/Web/CSRFDefender/Random.pm"
],
"programRoutines": [
{
"name": "Amon2::Plugin::Web::CSRFDefender::Random::generate_session_id"
}
],
"repo": "https://github.com/tokuhirom/Amon2-Plugin-Web-CSRFDefender",
"vendor": "TOKUHIROM",
"versions": [
{
"lessThanOrEqual": "7.03",
"status": "affected",
"version": "7.00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id.\n\nThe generate_session_id function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nAmon2::Plugin::Web::CSRFDefender versions before 7.00 were part of Amon2, which was vulnerable to insecure session ids due to CVE-2025-15604.\n\nNote that the author has deprecated this module."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T05:48:43.633Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://metacpan.org/release/TOKUHIROM/Amon2-Plugin-Web-CSRFDefender-7.03/source/lib/Amon2/Plugin/Web/CSRFDefender/Random.pm"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TOKUHIROM/Amon2-Plugin-Web-CSRFDefender-7.04/changes"
},
{
"tags": [
"related",
"vendor-advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15604"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Amon2::Plugin::Web::CSRFDefender version 7.04 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-5082",
"datePublished": "2026-04-08T05:48:43.633Z",
"dateReserved": "2026-03-28T19:12:35.387Z",
"dateUpdated": "2026-04-08T16:09:26.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5087 (GCVE-0-2026-5087)
Vulnerability from cvelistv5 – Published: 2026-03-31 16:03 – Updated: 2026-04-01 14:43
VLAI?
Title
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely
Summary
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely.
PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on systems without the device, such as Windows), then it will emit a warning that recommends the user install Crypt::URandom, and then return a string of random bytes generated by the built-in rand function, which is unsuitable for cryptographic applications.
This modules does not use the Crypt::URandom module, and installing it will not fix the problem.
The random bytes are used for generating an initialisation vector (IV) to encrypt the cookie.
A predictable IV may make it easier for malicious users to decrypt and tamper with the session data that is stored in the cookie.
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JJNAPIORK | PAGI::Middleware::Session::Store::Cookie |
Affected:
0 , ≤ 0.001003
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-31T18:18:48.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/31/10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:40:20.356872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:43:35.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "PAGI-Middleware-Session-Store-Cookie",
"product": "PAGI::Middleware::Session::Store::Cookie",
"programFiles": [
"lib/PAGI/Middleware/Session/Store/Cookie.pm"
],
"programRoutines": [
{
"name": "PAGI::Middleware::Session::Store::Cookie::_random_bytes"
}
],
"repo": "https://github.com/jjn1056/PAGI-Middleware-Session-Store-Cookie",
"vendor": "JJNAPIORK",
"versions": [
{
"lessThanOrEqual": "0.001003",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely.\n\nPAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on systems without the device, such as Windows), then it will emit a warning that recommends the user install Crypt::URandom, and then return a string of random bytes generated by the built-in rand function, which is unsuitable for cryptographic applications.\n\nThis modules does not use the Crypt::URandom module, and installing it will not fix the problem.\n\nThe random bytes are used for generating an initialisation vector (IV) to encrypt the cookie.\n\nA predictable IV may make it easier for malicious users to decrypt and tamper with the session data that is stored in the cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1204",
"description": "CWE-1204 Generation of Weak Initialization Vector (IV)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T16:03:08.278Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://metacpan.org/release/JJNAPIORK/PAGI-Middleware-Session-Store-Cookie-0.001003/source/lib/PAGI/Middleware/Session/Store/Cookie.pm#L156-173"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/JJNAPIORK/PAGI-Middleware-Session-Store-Cookie-0.001004/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.001004 or newer."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-5087",
"datePublished": "2026-03-31T16:03:08.278Z",
"dateReserved": "2026-03-28T19:29:58.433Z",
"dateUpdated": "2026-04-01T14:43:35.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-14031 (GCVE-0-2024-14031)
Vulnerability from cvelistv5 – Published: 2026-03-31 11:31 – Updated: 2026-04-01 16:30
VLAI?
Title
Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library
Summary
Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library.
Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Severity ?
8.1 (High)
CWE
- CWE-1395 - Dependency on Vulnerable Third-Party Component
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| YVES | Sereal::Encoder |
Affected:
4.000 , ≤ 4.009_002
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-14031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T14:19:21.141997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:19:27.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Sereal-Encoder",
"product": "Sereal::Encoder",
"repo": "https://github.com/Sereal/Sereal",
"vendor": "YVES",
"versions": [
{
"lessThanOrEqual": "4.009_002",
"status": "affected",
"version": "4.000",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library.\n\nSereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:30:00.649Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/advisories/GHSA-w77f-wv46-4vcx"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11922"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/YVES/Sereal-Encoder-4.010/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Sereal::Encoder version 4.010 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2017-02-06T00:00:00.000Z",
"value": "Sereal::Encoder version 4.001_001 released."
},
{
"lang": "en",
"time": "2018-12-27T00:00:00.000Z",
"value": "Zstandard 1.3.8 released."
},
{
"lang": "en",
"time": "2019-07-25T00:00:00.000Z",
"value": "CVE-2019-11922 for Zstandard published"
},
{
"lang": "en",
"time": "2020-02-04T00:00:00.000Z",
"value": "Sereal::Encoder version 4.010 released."
},
{
"lang": "en",
"time": "2023-02-09T00:00:00.000Z",
"value": "Advisory added to the CPANSA database."
},
{
"lang": "en",
"time": "2024-02-17T00:00:00.000Z",
"value": "Advisory updated in the CPANSA database."
}
],
"title": "Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2024-14031",
"datePublished": "2026-03-31T11:31:28.100Z",
"dateReserved": "2026-03-29T15:12:06.674Z",
"dateUpdated": "2026-04-01T16:30:00.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-14030 (GCVE-0-2024-14030)
Vulnerability from cvelistv5 – Published: 2026-03-31 11:31 – Updated: 2026-04-01 16:29
VLAI?
Title
Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library
Summary
Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library.
Sereal::Decoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Severity ?
8.1 (High)
CWE
- CWE-1395 - Dependency on Vulnerable Third-Party Component
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| YVES | Sereal::Decoder |
Affected:
4.000 , ≤ 4.009_002
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-14030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T14:18:18.323057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:18:55.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Sereal-Decoder",
"product": "Sereal::Decoder",
"repo": "https://github.com/Sereal/Sereal",
"vendor": "YVES",
"versions": [
{
"lessThanOrEqual": "4.009_002",
"status": "affected",
"version": "4.000",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library.\n\nSereal::Decoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:29:33.903Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/advisories/GHSA-w77f-wv46-4vcx"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11922"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/YVES/Sereal-Decoder-4.010/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Sereal::Decoder version 4.010 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2017-02-06T00:00:00.000Z",
"value": "Sereal::Decoder version 4.001_001 released."
},
{
"lang": "en",
"time": "2018-12-27T00:00:00.000Z",
"value": "Zstandard 1.3.8 released."
},
{
"lang": "en",
"time": "2019-07-25T00:00:00.000Z",
"value": "CVE-2019-11922 for Zstandard published"
},
{
"lang": "en",
"time": "2020-02-04T00:00:00.000Z",
"value": "Sereal::Decoder version 4.010 released."
},
{
"lang": "en",
"time": "2023-02-09T00:00:00.000Z",
"value": "Advisory added to the CPANSA database."
},
{
"lang": "en",
"time": "2024-02-17T00:00:00.000Z",
"value": "Advisory updated in the CPANSA database."
}
],
"title": "Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2024-14030",
"datePublished": "2026-03-31T11:31:08.541Z",
"dateReserved": "2026-03-28T19:49:07.023Z",
"dateUpdated": "2026-04-01T16:29:33.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15618 (GCVE-0-2025-15618)
Vulnerability from cvelistv5 – Published: 2026-03-31 10:04 – Updated: 2026-03-31 18:18
VLAI?
Title
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key
Summary
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key.
Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use.
This key is intended for encrypting credit card transaction data.
Severity ?
9.1 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MOCK | Business::OnlinePayment::StoredTransaction |
Affected:
0 , ≤ 0.01
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-15618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T14:42:57.742486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:43:15.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-31T18:18:47.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/31/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Business-OnlinePayment-StoredTransaction",
"product": "Business::OnlinePayment::StoredTransaction",
"programRoutines": [
{
"name": "Business::OnlinePayment::StoredTransaction::submit"
}
],
"vendor": "MOCK",
"versions": [
{
"lessThanOrEqual": "0.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key.\n\nBusiness::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use.\n\nThis key is intended for encrypting credit card transaction data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T10:04:34.763Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://metacpan.org/dist/Business-OnlinePayment-StoredTransaction/source/lib/Business/OnlinePayment/StoredTransaction.pm#L64-75"
},
{
"url": "https://security.metacpan.org/patches/B/Business-OnlinePayment-StoredTransaction/0.01/CVE-2025-15618-r1.patch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key",
"workarounds": [
{
"lang": "en",
"value": "Apply the patch that uses Crypt::URandom to generate a secret key."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2025-15618",
"datePublished": "2026-03-31T10:04:34.763Z",
"dateReserved": "2026-03-29T14:46:35.859Z",
"dateUpdated": "2026-03-31T18:18:47.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4176 (GCVE-0-2026-4176)
Vulnerability from cvelistv5 – Published: 2026-03-29 20:50 – Updated: 2026-03-30 15:35
VLAI?
Title
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Summary
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib.
Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.
Severity ?
9.8 (Critical)
CWE
- CWE-1395 - Dependency on Vulnerable Third-Party Component
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-30T04:56:37.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/30/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T15:34:29.395269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T15:35:08.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "perl",
"product": "perl",
"repo": "https://github.com/Perl/perl5",
"vendor": "SHAY",
"versions": [
{
"lessThan": "5.40.4-RC1",
"status": "affected",
"version": "5.9.4",
"versionType": "custom"
},
{
"lessThan": "5.42.2-RC1",
"status": "affected",
"version": "5.41.0",
"versionType": "custom"
},
{
"lessThan": "5.43.9",
"status": "affected",
"version": "5.43.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Bernhard Schmalhofer"
}
],
"descriptions": [
{
"lang": "en",
"value": "Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib.\n\nCompress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395 Dependency on Vulnerable Third-Party Component",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-29T20:50:51.058Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"vendor-advisory",
"related",
"vdb-entry"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3381"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.security.metacpan.org/cve-announce/msg/37638919/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/SHAY/perl-5.40.4/changes"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/SHAY/perl-5.42.2/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Perl stable release 5.40.4 or 5.42.2 or later, which include Compress::Raw::Zlib 2.222."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-02-27T00:00:00.000Z",
"value": "Compress::Raw::Zlib 2.221 committed to Perl blead."
},
{
"lang": "en",
"time": "2026-03-07T00:00:00.000Z",
"value": "CVE-2026-3381 published for Compress::Raw::Zlib."
},
{
"lang": "en",
"time": "2026-03-14T00:00:00.000Z",
"value": "CVE-2026-4176 reserved."
},
{
"lang": "en",
"time": "2026-03-29T00:00:00.000Z",
"value": "Perl 5.40.4 and 5.42.2 released."
}
],
"title": "Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib",
"workarounds": [
{
"lang": "en",
"value": "Install Compress::Raw::Zlib 2.220 or later into your @INC include path, so it takes precedence over the vulnerable core module shipped with Perl.\n\nSome OS distributions patch their perl package to build Compress::Raw::Zlib against the system zlib rather than the vendored copy. Users of these distributions may not be affected if their system zlib has been updated to 1.3.2 or later, or includes backported patches for the relevant vulnerabilities."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-4176",
"datePublished": "2026-03-29T20:50:51.058Z",
"dateReserved": "2026-03-14T16:17:19.077Z",
"dateUpdated": "2026-03-30T15:35:08.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4851 (GCVE-0-2026-4851)
Vulnerability from cvelistv5 – Published: 2026-03-29 00:22 – Updated: 2026-04-01 14:17
VLAI?
Title
GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization
Summary
GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization.
GRID::Machine provides Remote Procedure Calls (RPC) over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary code back on the client through unsafe deserialization in the RPC protocol.
read_operation() in lib/GRID/Machine/Message.pm deserialises values from the remote side using eval()
$arg .= '$VAR1';
my $val = eval "no strict; $arg"; # line 40-41
$arg is raw bytes from the protocol pipe. A compromised remote host can embed arbitrary perl in the Dumper-formatted response:
$VAR1 = do { system("..."); };
This executes on the client silently on every RPC call, as the return values remain correct.
This functionality is by design but the trust requirement for the remote host is not documented in the distribution.
Severity ?
9.8 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CASIANO | GRID::Machine |
Affected:
0 , ≤ 0.127
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-29T00:23:56.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/26/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:17:04.307893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:17:48.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "GRID-Machine",
"product": "GRID::Machine",
"programFiles": [
"lib/GRID/Machine/Message.pm"
],
"programRoutines": [
{
"name": "GRID::Machine::read_operation()"
}
],
"vendor": "CASIANO",
"versions": [
{
"lessThanOrEqual": "0.127",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pied Crow crow@cpan.org"
}
],
"descriptions": [
{
"lang": "en",
"value": "GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization.\n\nGRID::Machine provides Remote Procedure Calls (RPC) over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary code back on the client through unsafe deserialization in the RPC protocol.\n\nread_operation() in lib/GRID/Machine/Message.pm deserialises values from the remote side using eval()\n\n $arg .= \u0027$VAR1\u0027;\n my $val = eval \"no strict; $arg\"; # line 40-41\n\n$arg is raw bytes from the protocol pipe. A compromised remote host can embed arbitrary perl in the Dumper-formatted response:\n\n $VAR1 = do { system(\"...\"); };\n\nThis executes on the client silently on every RPC call, as the return values remain correct.\n\nThis functionality is by design but the trust requirement for the remote host is not documented in the distribution."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-29T00:22:22.578Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/03/26/6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-03-24T00:00:00.000Z",
"value": "Vulnerability reported to module author and CPANSec"
},
{
"lang": "en",
"time": "2026-03-25T00:00:00.000Z",
"value": "CVE assigned by CPANSec"
},
{
"lang": "en",
"time": "2026-03-26T00:00:00.000Z",
"value": "Author confirmed module is unmaintained, no fix available"
},
{
"lang": "en",
"time": "2026-03-26T00:00:00.000Z",
"value": "Disclosed on oss-security mailing list"
}
],
"title": "GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization",
"workarounds": [
{
"lang": "en",
"value": "There is no fix available. If used, only connect to trusted remote hosts."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-4851",
"datePublished": "2026-03-29T00:22:22.578Z",
"dateReserved": "2026-03-25T14:56:47.454Z",
"dateUpdated": "2026-04-01T14:17:48.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3256 (GCVE-0-2026-3256)
Vulnerability from cvelistv5 – Published: 2026-03-28 18:52 – Updated: 2026-04-01 14:14
VLAI?
Title
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids
Summary
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.
HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.
The distribution includes HTTP::session::ID::MD5 which contains a similar flaw, but uses the MD5 hash instead.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KTAT | HTTP::Session |
Affected:
0 , ≤ 0.53
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-28T20:06:47.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/28/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:14:27.526725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:14:51.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "http-session",
"product": "HTTP::Session",
"programRoutines": [
{
"name": "HTTP::Session::ID::SHA1::generate_id"
},
{
"name": "HTTP::Session::ID::MD5::generate_id"
}
],
"repo": "https://github.com/tokuhirom/http-session",
"vendor": "KTAT",
"versions": [
{
"lessThanOrEqual": "0.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.\n\nHTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nThe distribution includes HTTP::session::ID::MD5 which contains a similar flaw, but uses the MD5 hash instead."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-28T18:52:39.917Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://metacpan.org/release/KTAT/http-session-0.53/source/lib/HTTP/Session/ID/SHA1.pm"
},
{
"url": "https://metacpan.org/release/KTAT/http-session-0.53/source/lib/HTTP/Session/ID/MD5.pm"
},
{
"tags": [
"technical-description"
],
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids",
"workarounds": [
{
"lang": "en",
"value": "Users on systems with a /dev/urandom device should configure the module to use HTTP::Session::ID::Urandom.\n\nUsers on systems without a /dev/urandom (such as Windows) device will need to create custom ID modules that make use of module such as Crypt::SysRandom or Crypt::URandom."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-3256",
"datePublished": "2026-03-28T18:52:39.917Z",
"dateReserved": "2026-02-26T11:59:23.755Z",
"dateUpdated": "2026-04-01T14:14:51.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15604 (GCVE-0-2025-15604)
Vulnerability from cvelistv5 – Published: 2026-03-28 18:43 – Updated: 2026-04-01 14:13
VLAI?
Title
Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions
Summary
Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions.
In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.
Before version 6.06, there was no fallback when /dev/urandom was not available.
Before version 6.04, the random_string function used the built-in rand() function to generate a mixed-case alphanumeric string.
This function may be used for generating session ids, generating secrets for signing or encrypting cookie session data and generating tokens used for Cross Site Request Forgery (CSRF) protection.
Severity ?
9.8 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-28T20:06:46.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/28/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-15604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T14:12:25.901323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:13:01.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Amon2",
"product": "Amon2",
"programFiles": [
"lib/Amon2/Util.pm"
],
"programRoutines": [
{
"name": "Amon2::Util::random_string"
}
],
"repo": "https://github.com/tokuhirom/Amon",
"vendor": "TOKUHIROM",
"versions": [
{
"lessThan": "6.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions.\n\nIn versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nBefore version 6.06, there was no fallback when /dev/urandom was not available.\n\nBefore version 6.04, the random_string function used the built-in rand() function to generate a mixed-case alphanumeric string.\n\nThis function may be used for generating session ids, generating secrets for signing or encrypting cookie session data and generating tokens used for Cross Site Request Forgery (CSRF) protection."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340 Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-28T18:43:56.318Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://metacpan.org/release/TOKUHIROM/Amon2-6.17/diff/TOKUHIROM/Amon2-6.16#lib/Amon2/Util.pm"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TOKUHIROM/Amon2-6.17/changes"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/tokuhirom/Amon/pull/135"
},
{
"tags": [
"technical-description"
],
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Amon2 version 6.17 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2025-15604",
"datePublished": "2026-03-28T18:43:56.318Z",
"dateReserved": "2026-03-08T23:56:33.670Z",
"dateUpdated": "2026-04-01T14:13:01.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-125112 (GCVE-0-2014-125112)
Vulnerability from cvelistv5 – Published: 2026-03-26 02:04 – Updated: 2026-03-26 14:53
VLAI?
Title
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution
Summary
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution.
Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.
Severity ?
9.8 (Critical)
CWE
- CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MIYAGAWA | Plack::Middleware::Session::Cookie |
Affected:
0 , ≤ 0.21
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-26T04:46:57.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/26/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2014-125112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T14:52:33.130571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T14:53:30.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Plack-Middleware-Session",
"product": "Plack::Middleware::Session::Cookie",
"repo": "https://github.com/plack/Plack-Middleware-Session",
"vendor": "MIYAGAWA",
"versions": [
{
"lessThanOrEqual": "0.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "mala (@bulkneets)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution.\n\nPlack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T02:04:10.267Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://gist.github.com/miyagawa/2b8764af908a0dacd43d"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.23-TRIAL/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade Plack::Middleware::Session to version 0.23 or later (ideally version 0.36 or later), and set the \"secret\" option."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2014-08-11T00:00:00.000Z",
"value": "Vulnerability disclosed by MIYAGAWA."
},
{
"lang": "en",
"time": "2014-08-11T00:00:00.000Z",
"value": "Version 0.22 released that warns when the \"secret\" option is not set."
},
{
"lang": "en",
"time": "2014-08-11T00:00:00.000Z",
"value": "Version 0.23-TRIAL released that requires the \"secret\" option to be set."
},
{
"lang": "en",
"time": "2014-09-05T00:00:00.000Z",
"value": "Version 0.24 released. Same as 0.23 but not a trial release."
},
{
"lang": "en",
"time": "2016-02-03T00:00:00.000Z",
"value": "Version 0.26 released. Documentation improved with SYNOPSIS giving an example of how to set the \"secret\" option."
},
{
"lang": "en",
"time": "2019-01-26T00:00:00.000Z",
"value": "CPANSA-Plack-Middleware-Session-Cookie-2014-01 assigned in CPAN::Audit::DB"
},
{
"lang": "en",
"time": "2019-03-09T00:00:00.000Z",
"value": "CPANSA-Plack-Middleware-Session-2014-01 reassigned in CPAN::Audit::DB"
},
{
"lang": "en",
"time": "2025-07-08T00:00:00.000Z",
"value": "CVE-2014-125112 assigned by CPANSec."
}
],
"title": "Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution",
"workarounds": [
{
"lang": "en",
"value": "Set the \"secret\" option."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2014-125112",
"datePublished": "2026-03-26T02:04:10.267Z",
"dateReserved": "2025-07-08T15:24:38.840Z",
"dateUpdated": "2026-03-26T14:53:30.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2006-10003 (GCVE-0-2006-10003)
Vulnerability from cvelistv5 – Published: 2026-03-19 11:08 – Updated: 2026-04-04 08:11
VLAI?
Title
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
Summary
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.
In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.
The bug can be observed when parsing an XML file with very deep element nesting
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TODDR | XML::Parser |
Affected:
0 , ≤ 2.47
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2006-10003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-19T17:08:41.621885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-19T17:09:59.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-04T08:11:42.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/19/2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "XML-Parser",
"product": "XML::Parser",
"programFiles": [
"Expat.xs"
],
"programRoutines": [
{
"name": "startElement"
}
],
"repo": "http://github.com/toddr/XML-Parser",
"vendor": "TODDR",
"versions": [
{
"lessThanOrEqual": "2.47",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.\n\nIn the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.\n\nThe bug can be observed when parsing an XML file with very deep element nesting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-19T11:08:04.341Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://rt.cpan.org/Ticket/Display.html?id=19860"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/cpan-authors/XML-Parser/issues/39"
},
{
"tags": [
"patch"
],
"url": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply the patch that has been publicly available since 2006-06-13 or upgrade to version 2.48 or later when it is released."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2006-06-13T00:00:00.000Z",
"value": "Issue logged and patch provided in Request Tracker for XML::Parser"
},
{
"lang": "en",
"time": "2019-09-23T00:00:00.000Z",
"value": "Issue migrated to github issue tracker"
},
{
"lang": "en",
"time": "2019-09-24T00:00:00.000Z",
"value": "Patch provided in github issue tracker"
},
{
"lang": "en",
"time": "2026-03-16T00:00:00.000Z",
"value": "PR created and commit merged to git repo"
}
],
"title": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack",
"workarounds": [
{
"lang": "en",
"value": "Apply the patch that has been publicly available since 2006-06-13."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2006-10003",
"datePublished": "2026-03-19T11:08:04.341Z",
"dateReserved": "2026-03-16T22:52:39.890Z",
"dateUpdated": "2026-04-04T08:11:42.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2006-10002 (GCVE-0-2006-10002)
Vulnerability from cvelistv5 – Published: 2026-03-19 11:03 – Updated: 2026-04-29 14:36
VLAI?
Title
XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes
Summary
XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes.
A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TODDR | XML::Parser |
Affected:
0 , ≤ 2.45
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2006-10002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-19T17:11:03.634936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T14:36:41.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-22T23:06:42.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/19/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/22/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "XML-Parser",
"product": "XML::Parser",
"programFiles": [
"Expat.xs"
],
"programRoutines": [
{
"name": "parse_stream"
}
],
"repo": "http://github.com/toddr/XML-Parser",
"vendor": "TODDR",
"versions": [
{
"lessThanOrEqual": "2.45",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes.\n\nA :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl\u0027s read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-176",
"description": "CWE-176 Improper Handling of Unicode Encoding",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-21T11:43:43.607Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://rt.cpan.org/Ticket/Display.html?id=19859"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/cpan-authors/XML-Parser/issues/64"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TODDR/XML-Parser-2.46/changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/cpan-authors/XML-Parser/commit/56b0509dfc6b559cd7555ea81ee62e3622069255.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply the patch that has been publicly available since 2006-06-13 or upgrade to version 2.46 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2006-06-13T00:00:00.000Z",
"value": "Issue logged in Request Tracker for XML::Parser"
},
{
"lang": "en",
"time": "2006-08-11T00:00:00.000Z",
"value": "Patch provided in Request Tracker for XML::Parser"
},
{
"lang": "en",
"time": "2019-09-24T00:00:00.000Z",
"value": "Issue migrated to github issue tracker"
},
{
"lang": "en",
"time": "2019-09-24T00:00:00.000Z",
"value": "Patch provided in github issue tracker"
},
{
"lang": "en",
"time": "2019-09-24T00:00:00.000Z",
"value": "Included in release 2.46 released to CPAN"
}
],
"title": "XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes",
"workarounds": [
{
"lang": "en",
"value": "Apply the patch that has been publicly available since 2006-06-13."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2006-10002",
"datePublished": "2026-03-19T11:03:46.888Z",
"dateReserved": "2026-03-16T22:47:45.685Z",
"dateUpdated": "2026-04-29T14:36:41.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4177 (GCVE-0-2026-4177)
Vulnerability from cvelistv5 – Published: 2026-03-16 22:30 – Updated: 2026-03-17 14:04
VLAI?
Title
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter
Summary
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.
The heap overflow occurs when class names exceed the initial 512-byte allocation.
The base64 decoder could read past the buffer end on trailing newlines.
strtok mutated n->type_id in place, corrupting shared node data.
A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
Severity ?
9.1 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TODDR | YAML::Syck |
Affected:
0 , ≤ 1.36
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-17T01:34:04.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/16/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T14:04:29.127464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T14:04:53.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "YAML-Syck",
"product": "YAML::Syck",
"programFiles": [
"emitter.c",
"handler.c",
"perl_common.h",
"perl_syck.h"
],
"programRoutines": [
{
"name": "YAML::Syck::yaml_syck_emitter_handler()"
},
{
"name": "YAML::Syck::syck_base64dec()"
},
{
"name": "YAML::Syck::yaml_syck_parser_handler()"
},
{
"name": "YAML::Syck::syck_hdlr_add_anchor()"
}
],
"repo": "https://github.com/cpan-authors/YAML-Syck",
"vendor": "TODDR",
"versions": [
{
"lessThanOrEqual": "1.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Todd Rinaldo"
}
],
"descriptions": [
{
"lang": "en",
"value": "YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.\n\nThe heap overflow occurs when class names exceed the initial 512-byte allocation.\n\nThe base64 decoder could read past the buffer end on trailing newlines.\n\nstrtok mutated n-\u003etype_id in place, corrupting shared node data.\n\nA memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string \u0027a\u0027 was leaked on early return."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T22:30:25.367Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 1.37 or higher."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-4177",
"datePublished": "2026-03-16T22:30:25.367Z",
"dateReserved": "2026-03-14T19:36:56.710Z",
"dateUpdated": "2026-03-17T14:04:53.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30910 (GCVE-0-2026-30910)
Vulnerability from cvelistv5 – Published: 2026-03-08 00:54 – Updated: 2026-03-10 13:42
VLAI?
Title
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows
Summary
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.
Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow.
Encountering this issue is unlikely as the message length would need to be very large.
For bin2hex the input size would have to be > SIZE_MAX / 2 For aegis encryption the input size would need to be > SIZE_MAX - 32U For other encryption the input size would need to be > SIZE_MAX - 16U For signatures the input size would need to be > SIZE_MAX - 64U
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IAMB | Crypt::Sodium::XS |
Affected:
0 , ≤ 0.001000
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-08T04:33:15.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/08/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-30910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T13:42:36.397541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T13:42:58.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-Sodium-XS",
"product": "Crypt::Sodium::XS",
"programFiles": [
"inc/aead.xs",
"inc/sign.xs",
"inc/util.xs"
],
"vendor": "IAMB",
"versions": [
{
"lessThanOrEqual": "0.001000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brad Barden \u003cperlmodules@5c30.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.\n\nCombined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow.\n\nEncountering this issue is unlikely as the message length would need to be very large.\n\nFor bin2hex the input size would have to be \u003e SIZE_MAX / 2 For aegis encryption the input size would need to be \u003e SIZE_MAX - 32U For other encryption the input size would need to be \u003e SIZE_MAX - 16U For signatures the input size would need to be \u003e SIZE_MAX - 64U"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-08T00:54:56.404Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/IAMB/Crypt-Sodium-XS-0.001001/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 0.001001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-30910",
"datePublished": "2026-03-08T00:54:56.404Z",
"dateReserved": "2026-03-07T13:09:20.641Z",
"dateUpdated": "2026-03-10T13:42:58.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30909 (GCVE-0-2026-30909)
Vulnerability from cvelistv5 – Published: 2026-03-08 00:46 – Updated: 2026-03-10 13:41
VLAI?
Title
Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows
Summary
Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows.
bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer.
Encountering this issue is unlikely as the message length would need to be very large.
For bin2hex() the bin_len would have to be > SIZE_MAX / 2 For encrypt() the msg_len would need to be > SIZE_MAX - 16U For aes256gcm_encrypt_afternm() the msg_len would need to be > SIZE_MAX - 16U For seal() the enc_len would need to be > SIZE_MAX - 64U
Severity ?
9.8 (Critical)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIMLEGGE | Crypt::NaCl::Sodium |
Affected:
0 , ≤ 2.002
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-08T04:33:14.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/08/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-30909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T13:40:18.499636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T13:41:14.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Crypt-NaCl-Sodium",
"product": "Crypt::NaCl::Sodium",
"programFiles": [
"Sodium.xs"
],
"repo": "https://github.com/cpan-authors/crypt-nacl-sodium",
"vendor": "TIMLEGGE",
"versions": [
{
"lessThanOrEqual": "2.002",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Brad Barden \u003cperlmodules@5c30.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"value": "Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows.\n\nbin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer.\n\nEncountering this issue is unlikely as the message length would need to be very large.\n\nFor bin2hex() the bin_len would have to be \u003e SIZE_MAX / 2 For encrypt() the msg_len would need to be \u003e SIZE_MAX - 16U For aes256gcm_encrypt_afternm() the msg_len would need to be \u003e SIZE_MAX - 16U For seal() the enc_len would need to be \u003e SIZE_MAX - 64U"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-08T00:46:12.862Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"url": "https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L2116"
},
{
"url": "https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L2310"
},
{
"url": "https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L3304"
},
{
"url": "https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs#L942"
},
{
"tags": [
"patch"
],
"url": "https://github.com/cpan-authors/crypt-nacl-sodium/pull/24.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.003/source/Changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 2.003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-30909",
"datePublished": "2026-03-08T00:46:12.862Z",
"dateReserved": "2026-03-07T13:09:20.640Z",
"dateUpdated": "2026-03-10T13:41:14.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}