CVE-2026-47373 PUBLISHED

Crypt::SaltedHash versions through 0.09 for Perl are susceptible to timing attacks

Assigner: CPANSec
Reserved: 19.05.2026 Published: 20.05.2026 Updated: 21.05.2026

Crypt::SaltedHash versions through 0.09 for Perl are susceptible to timing attacks.

These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash.
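
The two comparison styles side by side, as an added example (not code from Crypt::SaltedHash or from its 0.10 fix). The helpers salted_digest, verify_with_eq, ct_eq and verify_constant_time are hypothetical names, the digest layout is illustrative, and the salt and passwords are constructed sample values.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256);
use MIME::Base64 qw(encode_base64);

# Illustrative salted digest: base64(sha256(password . salt) . salt).
# Hypothetical helper, not the module's own format or code.
sub salted_digest {
    my ($password, $salt) = @_;
    return encode_base64(sha256($password . $salt) . $salt, '');
}

# Pattern named in the advisory: eq can return as soon as the first
# differing byte is found, so run time depends on the matching prefix.
sub verify_with_eq {
    my ($stored, $password, $salt) = @_;
    return salted_digest($password, $salt) eq $stored ? 1 : 0;
}

# Comparison without early exit: every byte of $x is visited and the
# differences are OR-ed together, so a mismatch at byte 0 costs the same
# as a mismatch at the last byte. Length differences are folded in too.
# Perl gives no hard constant-time guarantee; this removes the early exit.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y;
    my @x = unpack 'C*', $x;
    my @y = unpack 'C*', $y;
    my $diff = scalar(@x) ^ scalar(@y);
    $diff |= $x[$_] ^ ($y[$_] // 0) for 0 .. $#x;
    return $diff == 0 ? 1 : 0;
}

sub verify_constant_time {
    my ($stored, $password, $salt) = @_;
    return ct_eq(salted_digest($password, $salt), $stored);
}

# Constructed sample values, for demonstration only.
my $salt   = "\x01\x02\x03\x04";
my $stored = salted_digest('correct horse', $salt);

for my $guess ('correct horse', 'wrong guess') {
    printf "%-14s eq=%d ct=%d\n", $guess,
        verify_with_eq($stored, $guess, $salt),
        verify_constant_time($stored, $guess, $salt);
}
```

Both functions return the same verdicts; only the amount of work done on a mismatch differs.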

Product Status

Vendor RRWO
Product Crypt::SaltedHash
Versions Default: unaffected
  • affected from 0 to 0.09 (incl.)

Solutions

Upgrade to version 0.10 or later.

Problem Types

  • CWE-208 Observable Timing Discrepancy