138 matches found
[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.22-1.fc44
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...
[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.22-1.fc43
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...
DEBIAN-CVE-2026-14570
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
CVE-2026-14570
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
PT-2026-55751
Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.22 Description The software draws the DSA signing nonce and private key from a biased random generator. Specifically, the makerandom function in Crypt::DSA::Util forces the high bit of every returned value to...
[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.21-1.fc43
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...
[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.21-1.fc44
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...
EUVD-2026-37016
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...
CVE-2026-12205
Crypt::DSA for Perl versions before 1.21 reuse the per-signature nonce across signatures because the sign() function caches nonce data in the Key object and does not clear it. The first sign() selects a nonce and later signs reuse that nonce, producing identical r values, enabling potential priva...
PT-2026-49531
Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.21 Description The software reuses the nonce across signatures, which can lead to the recovery of the private key. The sign function in the Crypt::DSA::sign module caches the per-signature nonce material within t...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39829)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39829 advisory. - The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted...
[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.20-1.fc44
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...
SUSE CVE-2026-39829
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...
EUVD-2026-30668
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...
CVE-2026-8704
CVE-2026-8704 affects Crypt::DSA for Perl, version up to 1.19, where the 2-argument open function can allow existing files to be modified. This is the underlying root cause described across multiple sources. A fixed version is indicated as later than 1.19 (e.g., 1.20 per release notes), with reme...
CVE-2026-8704 Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...
CVE-2026-8700
CVE-2026-8700 concerns Crypt::DSA for Perl, where seeds are generated with Perl’s built-in rand. The affected components are Crypt::DSA versions before 1.20. The root cause is the use of a non-cryptographically secure RNG, making seeds predictable for security-sensitive operations. This can under...
EUVD-2026-14375
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...
jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...