CVE-2026-12205 (GCVE-0-2026-12205)

Vulnerability from cvelistv5 – Published: 2026-06-15 21:57 – Updated: 2026-06-15 22:44
VLAI
Title
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery
Summary
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised.
Severity
No CVSS data available.
CWE
  • CWE-323 - Reusing a Nonce, Key Pair in Encryption
Assigner
References
Impacted products
Vendor Product Version
TIMLEGGE Crypt::DSA Affected: 0 , < 1.21 (custom)
Create a notification for this product.
Credits
Richard Kettlewell
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-15T22:44:28.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/06/15/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "Crypt-DSA",
          "product": "Crypt::DSA",
          "programFiles": [
            "lib/Crypt/DSA.pm"
          ],
          "programRoutines": [
            {
              "name": "Crypt::DSA::sign"
            }
          ],
          "repo": "https://github.com/perl-Crypt-OpenPGP/Crypt-DSA",
          "vendor": "TIMLEGGE",
          "versions": [
            {
              "lessThan": "1.21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Richard Kettlewell"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.\n\nCrypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.\n\nThe first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical \"r\".\n\nKeys used to sign more than once with an affected version should be considered compromised."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-323",
              "description": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-15T21:57:18.317Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/source/lib/Crypt/DSA.pm#L47"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/changes"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 1.21\n\nRevoke any keys that may have been compromised.\n\nCrypt::DSA was deprecated in version 1.20. You should migrate to another solution."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-16T00:00:00.000Z",
          "value": "Maintainer contacted"
        },
        {
          "lang": "en",
          "time": "2026-06-13T00:00:00.000Z",
          "value": "Maintainer and CPANSec contacted"
        },
        {
          "lang": "en",
          "time": "2026-06-14T00:00:00.000Z",
          "value": "Fixed version released"
        }
      ],
      "title": "Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery",
      "x_generator": {
        "engine": "cpansec-cna-tool 0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2026-12205",
    "datePublished": "2026-06-15T21:57:18.317Z",
    "dateReserved": "2026-06-14T12:07:30.610Z",
    "dateUpdated": "2026-06-15T22:44:28.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-12205\",\"sourceIdentifier\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"published\":\"2026-06-15T23:16:43.150\",\"lastModified\":\"2026-06-15T23:16:43.150\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.\\n\\nCrypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.\\n\\nThe first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical \\\"r\\\".\\n\\nKeys used to sign more than once with an affected version should be considered compromised.\"}],\"metrics\":{},\"weaknesses\":[{\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-323\"}]}],\"references\":[{\"url\":\"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/source/lib/Crypt/DSA.pm#L47\",\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\"},{\"url\":\"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/changes\",\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/06/15/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.