Description

Crypt::SaltedHash versions through 0.09 for Perl are susceptible to timing attacks. These versions use Perl's built-in `eq` comparison. Discrepancies in timing could be used to guess the underlying hash.
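
The difference between an `eq` check and a constant-time check, as an added example that is not code from Crypt::SaltedHash or its patch. The helper names (`make_ssha`, `ct_equal`, `validate`), the RFC 2307-style `{SSHA}` layout and the sample secret and salt are assumptions constructed for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# Hypothetical helper: build an RFC 2307-style "{SSHA}" value,
# base64(sha1(secret . salt) . salt).
sub make_ssha {
    my ($secret, $salt) = @_;
    return '{SSHA}' . encode_base64(sha1($secret . $salt) . $salt, '');
}

# Constant-time equality: every byte is examined and the differences are
# OR-ed together, so run time does not depend on where the first mismatch
# occurs. Only the length of the inputs is revealed.
sub ct_equal {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Recompute the salted hash for a candidate secret using the stored salt,
# then compare the two encoded values with the supplied comparison routine.
sub validate {
    my ($stored, $candidate, $compare) = @_;
    my ($b64) = $stored =~ /\A\{SSHA\}(.+)\z/ or return 0;
    my $raw = decode_base64($b64);
    return 0 if length($raw) <= 20;    # 20-byte SHA-1 digest, remainder is salt
    my $salt = substr($raw, 20);
    return $compare->($stored, make_ssha($candidate, $salt)) ? 1 : 0;
}

my $weak = sub { $_[0] eq $_[1] };     # built-in eq, the comparison the advisory names
my $safe = \&ct_equal;                 # hardened comparison

my $stored = make_ssha('correct horse', 'NaCl');    # constructed sample value
for my $try ('correct horse', 'wrong guess') {
    printf "%-14s eq=%d ct=%d\n", $try,
        validate($stored, $try, $weak), validate($stored, $try, $safe);
}
```

Both routines return the same verdicts; they differ only in whether the time taken depends on how many leading bytes match.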

PUBLISHED Reserved 2026-05-19 | Published 2026-05-20 | Updated 2026-05-20 | Assigner CPANSec

Problem types

CWE-208 Observable Timing Discrepancy

Product status

Default status: unaffected

Any version: affected

References

www.openwall.com/lists/oss-security/2026/05/20/21

metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes release-notes

github.com/...c07bfc5c23185b0667233d0f2e1252d81f1f027a.patch patch

cve.org (CVE-2026-47373)

nvd.nist.gov (CVE-2026-47373)
