HIGHCVE-2026-47373Published 2026-05-20Modified 2026-05-21CNA CPANSec

CVE-2026-47373: Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

RRWO / Crypt::SaltedHash
≤ 0.09

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

metacpan.org
github.com

Metrics