[SECURITY] Fedora 43 Update: perl-Crypt-Argon2-0.031-1.fc43

This module implements the Argon2 key derivation function, which is suitable to convert any password into a cryptographic key. This is most often used to for secure storage of passwords but can also be used to derive a encryption key from a password. It offers variable time and memory costs as we...

Fedora 44 : perl-Crypt-Argon2 / perl-Dist-Build / perl-ExtUtils-Builder / etc (2026-dafdad8fd3)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-dafdad8fd3 advisory. Update to 0.031 2477035 2481131 fixes CVE-2026-8463 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

Fedora 43 : perl-Crypt-Argon2 / perl-Dist-Build / perl-ExtUtils-Builder / etc (2026-f2c746ff8e)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-f2c746ff8e advisory. Update to 0.031 2477035 2481131 fixes CVE-2026-8463 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

Fedora 45 : perl-Crypt-Argon2 / perl-Dist-Build / perl-ExtUtils-Builder / etc (2026-5d15cef372)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-5d15cef372 advisory. Update perl-Crypt-Argon2 to 0.031 2477035 2481131 fixes CVE-2026-8463 Tenable has extracted the preceding description block directly from the Fedora security...

CVE-2026-8463

A flaw was found in Crypt::Argon2 for Perl. This vulnerability, a heap out-of-bounds read, occurs in the argon2verify function when processing an empty encoded input. An integer underflow causes the software to read beyond the allocated memory, which can lead to a denial of service DoS by crashin...

EUVD-2026-29956

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

CVE-2026-8463

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

CVE-2026-8463 Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

CVE-2026-8463

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

CVE-2026-8463

Crypt::Argon2 for Perl (versions 0.017 before 0.031) contains a heap out-of-bounds read in argon2_verify when given an empty encoded input. The auto-detect path passes encoded_len-1 to memchr without ensuring encoded_len is non-zero; with an empty string this underflows to SIZE_MAX and may cause ...

CVE-2026-8463

Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...

Linux Distros Unpatched Vulnerability : CVE-2026-8463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of...

crypt-argon2 安全漏洞

Crypt-Argon2 is a password hashing and verification tool developed by Leon Timmermans. Versions of Crypt-Argon2 from 0.017 to 0.031 contained security vulnerabilities. These vulnerabilities stemmed from the use of argon2verify, which executed heap overflow reads with empty code inputs, potentiall...