Description

Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in timing could be used to guess the secret password.

PUBLISHED Reserved 2026-03-28 | Published 2026-04-13 | Updated 2026-04-15 | Assigner CPANSec

Problem types

CWE-208 Observable Timing Discrepancy

Product status

Default status: unaffected

Any version before 0.019: affected

References

www.openwall.com/lists/oss-security/2026/04/13/12

metacpan.org/...VANA/Crypt-SecretBuffer-0.019/source/Changes release-notes

cve.org (CVE-2026-5086)

nvd.nist.gov (CVE-2026-5086)