======================================================================== CVE-2026-47373 CPAN Security Group ========================================================================
CVE ID: CVE-2026-47373 Distribution: Crypt-SaltedHash Versions: through 0.09 MetaCPAN: https://metacpan.org/dist/Crypt-SaltedHash VCS Repo: https://github.com/robrwo/perl-Crypt-SaltedHash Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks Description ----------- Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash. Problem types ------------- - CWE-208 Observable Timing Discrepancy Solutions --------- Upgrade to version 0.10 or later. References ---------- https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes https://github.com/robrwo/perl-Crypt-SaltedHash/commit/c07bfc5c23185b0667233d0f2e1252d81f1f027a.patch
