HIGHCVE-2026-5086Published Modified CNA CPANSec
CVE-2026-5086: Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- 0.019
- Affected Products
- 1
Fix available
0.019
Affected packages
- NERDVANA / Crypt::SecretBuffer< 0.019 (from 0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences