CVE-2026-47373
7.5 HIGHCrypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks
Published: 2026-05-20 · Last updated: 2026-05-21
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-208
Description
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-54411 — Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path... (5.9 MEDIUM)
- CVE-2017-20240 — Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks (5.9 MEDIUM)
- CVE-2026-48011 — Shopware is an open commerce platform (3.7 LOW)
- CVE-2026-48859 — Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enum... (5.3 MEDIUM)
- CVE-2026-5419 — A flaw was found in gnutls (3.7 LOW)