Timing Attack Vulnerability in Perl's Crypt::SaltedHash by RRWO
CVE-2026-47373

Currently unrated

Key Information:

Vendor

Rrwo

CVE Published:
20 May 2026

What is CVE-2026-47373?

Crypt::SaltedHash for Perl, in versions up to and including 0.09, is vulnerable to timing attacks because it uses Perl's native eq operator to compare hashes. An attacker who can measure how long these comparisons take may be able to deduce the underlying hash values. This makes it easier to guess sensitive data and compromises the security of applications that use this cryptographic library. Upgrading to the latest version or implementing alternative measures is recommended to mitigate exposure.
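The following is an added example, not code from Crypt::SaltedHash or from this advisory. It shows a salted-hash check with the eq comparison described above swapped for a comparison whose running time does not depend on where the first mismatch occurs. The helper names (make_ssha, constant_time_equal, verify_ssha), the LDAP-style "{SSHA}" layout and the sample password and salt are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# Assumed layout (illustrative): "{SSHA}" . base64( SHA-1(password . salt) . salt )
sub make_ssha {
    my ($password, $salt) = @_;
    return '{SSHA}' . encode_base64(sha1($password . $salt) . $salt, '');
}

# Compare two byte strings without stopping at the first mismatch.
# Every byte pair is XORed and the differences are OR-ed together,
# so the loop always runs over the full length.
sub constant_time_equal {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y;
    return 0 if length($x) != length($y);    # digest length is not secret
    my $diff = 0;
    for my $i (0 .. length($x) - 1) {
        $diff |= ord(substr($x, $i, 1)) ^ ord(substr($y, $i, 1));
    }
    return $diff == 0 ? 1 : 0;
}

# Verify a candidate password against a stored "{SSHA}" string.
# $compare is the comparison routine, passed in so both variants can be shown.
sub verify_ssha {
    my ($stored, $candidate, $compare) = @_;
    my ($b64) = $stored =~ /\A\{SSHA\}([A-Za-z0-9+\/=]+)\z/ or return 0;
    my $raw = decode_base64($b64);
    return 0 if length($raw) <= 20;          # 20-byte SHA-1 digest, then the salt
    my ($digest, $salt) = (substr($raw, 0, 20), substr($raw, 20));
    return $compare->(sha1($candidate . $salt), $digest) ? 1 : 0;
}

# Constructed sample values, not taken from any real system.
my $stored = make_ssha('correct horse', 'SALT');
my $leaky  = sub { $_[0] eq $_[1] };         # the comparison pattern the advisory describes

for my $guess ('correct horse', 'wrong guess') {
    printf "%-14s eq=%d constant_time=%d\n", $guess,
        verify_ssha($stored, $guess, $leaky),
        verify_ssha($stored, $guess, \&constant_time_equal);
}
```

Both comparison routines return the same accept or reject result for every input; they differ only in how the time taken relates to the position of the first differing byte.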

Affected Version(s)

Crypt::SaltedHash: versions 0 through 0.09
