
16963 matches found

NVD
added yesterday, 8 views

CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5 CVSS
Exploits 0, References 3
Vulnrichment
added yesterday, 4 views

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3 AI score
Exploits 0, References 2
Cvelist
added yesterday, 19 views

CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

Exploits 0, References 2
CVE
added yesterday, 8 views

CVE-2026-9641

CVE-2026-9641 affects Crypt::PBKDF2 for Perl prior to 0.261630. The vulnerability stems from a weak default configuration: using HMAC-SHA1 as the default algorithm and a default 1000 iterations, which is insufficient for modern password hashing. The impact, per sources, could involve reduced resi...

5.3 CVSS, 5.3 AI score
Exploits 0, References 4
Debian CVE
added yesterday, 5 views

CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3 CVSS, 5.3 AI score
Exploits 0
Debian CVE
added yesterday, 4 views

CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5 CVSS, 5.2 AI score
Exploits 0
Cvelist
added yesterday, 19 views

CVE-2026-9638 Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

Exploits 0, References 2
Vulnrichment
added yesterday, 4 views

CVE-2026-9638 Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

5.2 AI score
Exploits 0, References 2
EUVD
added yesterday, 5 views

EUVD-2026-36456

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5 CVSS, 5.3 AI score
Exploits 0, References 2
CVE
added yesterday, 6 views

CVE-2026-9638

Crypt::PBKDF2 for Perl versions before 0.261630 are vulnerable because they generate salts with the built-in rand function, which is predictable and not suitable for cryptography. Affected component: Crypt::PBKDF2 (Perl). Root cause: use of insecure RNG for salts. Impact: cryptographic salts may ...

7.5 CVSS, 5.3 AI score
Exploits 0, References 3
NVD
added yesterday, 5 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9 CVSS
Exploits 0, References 4
Vulnrichment
added yesterday, 3 views

CVE-2017-20240 Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.2 AI score
Exploits 0, References 3
EUVD
added yesterday, 3 views

EUVD-2017-18978

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9 CVSS, 5.2 AI score
Exploits 0, References 3
Cvelist
added yesterday, 22 views

CVE-2017-20240 Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

Exploits 0, References 3
CVE
added yesterday, 9 views

CVE-2017-20240

CVE-2017-20240 affects Crypt::PBKDF2 for Perl, with versions before 0.261630 vulnerable to timing attacks due to using Perl’s built-in eq comparison. Discrepancies in timing could reveal information about the derived key. Affected software: Crypt::PBKDF2 prior to 0.261630. Root cause: insecure eq...

5.9 CVSS, 5.3 AI score
Exploits 0, References 4
Debian CVE
added yesterday, 4 views

CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9 CVSS, 5.3 AI score
Exploits 0
OSV
added yesterday, 4 views

OESA-2026-2684 perl-DBI security update

The DBI is the standard database interface module for Perl. It defines a set of methods, variables and conventions that provide a consistent database interface independent of the actual database being used. It is important to remember that the DBI is just an interface. The DBI is a layer of "glue...

9.8 CVSS, 6 AI score, 0.00069 EPSS
Exploits 0, References 3
OSV
added yesterday, 4 views

OESA-2026-2658 perl security update

Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects. Security Fixes: Perl versions through 5.43.10 have a hea...

9.8 CVSS, 5.7 AI score, 0.00048 EPSS
Exploits 1, References 2
OSV
added yesterday, 5 views

OESA-2026-2654 perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. Security Fixes: IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob...

7.3 CVSS, 5.9 AI score, 0.00081 EPSS
Exploits 2, References 2
OSV
added yesterday, 4 views

OESA-2026-2653 perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. Security Fixes: IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob...

7.3 CVSS, 5.9 AI score, 0.00081 EPSS
Exploits 2, References 2