Crypt::SecretBuffer versions before 0.019 for Perl is...
High severity
Unreviewed
Published
Apr 14, 2026
to the GitHub Advisory Database
•
Updated Apr 15, 2026
Description
Published by the National Vulnerability Database
Apr 13, 2026
Published to the GitHub Advisory Database
Apr 14, 2026
Last updated
Apr 15, 2026
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.
For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.
References