Fedora 45 : perl-Crypt-Argon2 / perl-Dist-Build / perl-ExtUtils-Builder / etc (2026-5d15cef372)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-5d15cef372 advisory. Update perl-Crypt-Argon2 to 0.031 2477035 2481131 fixes CVE-2026-8463 Tenable has extracted the preceding description block directly from the Fedora security...

CVE-2026-8463

A flaw was found in Crypt::Argon2 for Perl. This vulnerability, a heap out-of-bounds read, occurs in the argon2verify function when processing an empty encoded input. An integer underflow causes the software to read beyond the allocated memory, which can lead to a denial of service DoS by crashin...

EUVD-2026-29956

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

CVE-2026-8463

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

CVE-2026-8463 Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

CVE-2026-8463

Crypt::Argon2 for Perl (versions 0.017 before 0.031) contains a heap out-of-bounds read in argon2_verify when given an empty encoded input. The auto-detect path passes encoded_len-1 to memchr without ensuring encoded_len is non-zero; with an empty string this underflows to SIZE_MAX and may cause ...

CVE-2026-8463

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

CVE-2026-8463 Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

CVE-2026-8463

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

CVE-2026-8463

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

Linux Distros Unpatched Vulnerability : CVE-2026-8463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of...

crypt-argon2 安全漏洞

Crypt-Argon2 is a password hashing and verification tool developed by Leon Timmermans. Versions of Crypt-Argon2 from 0.017 to 0.031 contained security vulnerabilities. These vulnerabilities stemmed from the use of argon2verify, which executed heap overflow reads with empty code inputs, potentiall...

PT-2026-40603

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2 verify on empty encoded input. The auto-detect form of argon2 verify passes encoded len - 1 as the length argument to memchr without checking that encoded len is non-zero. When the encoded string i...

Fedora 43 : perl-CryptX (2026-3e1f671a17)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e1f671a17 advisory. 0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1openssl, bcryptpbkdf, scryptpbkdf, argon2pbkdf - Crypt::Misc - new functions: randomv7uuid,...

Malicious code in @aspect-security/argon2 (npm)

The package performs data exfiltration, arbitrary command execution in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b426577fc5361773d25297fdb9fce28835e15d9ab86909c6652f5c1b71c4e543 The package @aspect-security/argon2 was found to contain...

MAL-2026-2505 Malicious code in @aspect-security/argon2 (npm)

The package performs data exfiltration, arbitrary command execution in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b426577fc5361773d25297fdb9fce28835e15d9ab86909c6652f5c1b71c4e543 The package @aspect-security/argon2 was found to contain...

Malicious code in argon2-napi (npm)

Malicious package due to data exfiltration in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 256afce3626d671d3e6fe9a53923ab5e85da899bd5255e0b975fe5fc22ab417e The package argon2-napi was found to contain malicious code...

MAL-2026-2511 Malicious code in argon2-napi (npm)

Malicious package due to data exfiltration in preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 256afce3626d671d3e6fe9a53923ab5e85da899bd5255e0b975fe5fc22ab417e The package argon2-napi was found to contain malicious code...

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...