Integer overflow in Timlegge Crypt::nacl::sodium
CVE-2026-30909
Crypt::NaCl::Sodium versions through 2.002 for Perl have potential integer overflows. The bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that the output size will be less than SIZE_MAX, which could lead to integer wrap…
Vulnerability class: Integer Overflow
EPSS: 0.000 (8.8th percentile)
Affected products
- Timlegge Crypt::nacl::sodium — versions 0
Weakness classification (CWE)
References
- metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.002/source/Sodium.xs
- github.com/cpan-authors/crypt-nacl-sodium/pull/24.patch (patch)
- metacpan.org/release/TIMLEGGE/Crypt-NaCl-Sodium-2.003/source/Changes (release-notes)