9 matches found
EUVD-2026-29956
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...
CVE-2026-8463
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...
CVE-2026-8463 Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...
CVE-2026-8463 Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...
CVE-2026-8463
Crypt::Argon2 for Perl (versions 0.017 before 0.031) contains a heap out-of-bounds read in argon2_verify when given an empty encoded input. The auto-detect path passes encoded_len-1 to memchr without ensuring encoded_len is non-zero; with an empty string this underflows to SIZE_MAX and may cause ...
CVE-2026-8463
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...
CVE-2026-8463
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...
PT-2026-40603
Name of the Vulnerable Software and Affected Versions Crypt::Argon2 versions 0.017 through 0.030 Description A heap out-of-bounds read occurs in the argon2 verify function when processing empty encoded input. The auto-detect form of argon2 verify passes encoded len - 1 as the length argument to...
crypt-argon2 安全漏洞
Crypt-Argon2 is a password hashing and verification tool developed by Leon Timmermans. Versions of Crypt-Argon2 from 0.017 to 0.031 contained security vulnerabilities. These vulnerabilities stemmed from the use of argon2verify, which executed heap overflow reads with empty code inputs, potentiall...