Mik Cryptx vulnerabilities
5 known vulnerabilities affecting mik/cryptx.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2LOW1
Vulnerabilities
Page 1 of 1
CVE-2023-36328P3CRITICALCVSS 9.8≥ 0.002, ≤ 0.0862023-09-01
CVE-2023-36328 [CRITICAL] CWE-190 CVE-2023-36328: Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667a
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).
nvd
CVE-2026-41565P3HIGHCVSS 7.5fixed in 0.088_0012026-05-28
CVE-2026-41565 [HIGH] CWE-121 CVE-2026-41565: CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify h
CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers.
The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length.
nvd
CVE-2026-41564P3HIGHCVSS 7.5fixed in 0.0882026-04-23
CVE-2026-41564 [HIGH] CWE-335 CVE-2026-41564: CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Cry
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.
The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte
nvd
CVE-2019-17362P3CRITICALCVSS 9.1≥ 0.002, < 0.0652019-10-09
CVE-2019-17362 [CRITICAL] CWE-125 CVE-2019-17362: In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) doe
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
nvd
CVE-2026-13758P4LOWCVSS 3.7fixed in 0.088_0012026-06-29
CVE-2026-13758 [LOW] CWE-208 CVE-2026-13758: CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in t
CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path.
The decrypt_done($tag) form compares it against the computed tag with memNE (memcmp() != 0), which short-circuits on the first differing byte, so its run time depends on the number of matching leading bytes. This affects
nvd