CVE-2026-41564

HIGH EPSS 35.7%
Published Apr 23, 20262mo ago · Modified Jun 17, 20262w ago
7.5 CVSS 3.1
High
Find Similar
Published Apr 23, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago

Description

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte-identical PRNG state with every child process, and any randomized operation they perform can produce identical output, including key generation. Two ECDSA or DSA signatures from different processes are enough to recover the signing private key through nonce-reuse key recovery. This affects preforking services such as the Starman web server, where a Crypt::PK::* object loaded at startup is inherited by every worker process.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
35.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-335
CWE-338

Affected Products 1

VendorProductVersionRange
dcitcryptx* <0.088

References 4

  • openwall.com http://www.openwall.com/lists/oss-security/2026/04/23/2
    Mailing ListThird Party Advisory
  • github.com https://github.com/DCIT/perl-CryptX/commit/9a1dd3e0c27d68e32450be5538b864c2b115ee15.patch
    Patch
  • github.com https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6
    Vendor Advisory
  • metacpan.org https://metacpan.org/release/MIK/CryptX-0.088
    Product

Remediation

  • github.com https://github.com/DCIT/perl-CryptX/commit/9a1dd3e0c27d68e32450be5538b864c2b115ee15.patch
    Patch