Security Advisories (2)

CVE-2026-41564 (2026-04-23)

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte-identical PRNG state with every child process, and any randomized operation they perform can produce identical output, including key generation. Two ECDSA or DSA signatures from different processes are enough to recover the signing private key through nonce-reuse key recovery. This affects preforking services such as the Starman web server, where a Crypt::PK::* object loaded at startup is inherited by every worker process.

CVE-2026-41565 (2026-05-28)

CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers. The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length. A longer tag overwrites the stack past the buffer. Version 0.088 added the clamp to gcm_decrypt_verify, and 0.088_001 added it to the other three. Any caller of an affected helper that forwards an attacker-controlled tag longer than the buffer can trigger the overflow.

NAME

Crypt::Checksum::CRC32 - Compute CRC32 checksum

SYNOPSIS

### Functional interface:
use Crypt::Checksum::CRC32 ':all';

# calculate CRC32 checksum from string/buffer
$checksum_raw  = crc32_data($data);
$checksum_hex  = crc32_data_hex($data);
$checksum_int  = crc32_data_int($data);
# calculate CRC32 checksum from file
$checksum_raw  = crc32_file('filename.dat');
$checksum_hex  = crc32_file_hex('filename.dat');
$checksum_int  = crc32_file_int('filename.dat');
# calculate CRC32 checksum from filehandle
$checksum_raw  = crc32_file(*FILEHANDLE);
$checksum_hex  = crc32_file_hex(*FILEHANDLE);
$checksum_int  = crc32_file_int(*FILEHANDLE);

### OO interface:
use Crypt::Checksum::CRC32;

$d = Crypt::Checksum::CRC32->new;
$d->add('any data');
$d->add('another data');
$d->addfile('filename.dat');
$d->addfile(*FILEHANDLE);
$checksum_raw = $d->digest;     # raw 4 bytes
$checksum_hex = $d->hexdigest;  # hexadecimal form
$checksum_int = $d->intdigest;  # 32bit unsigned integer

DESCRIPTION

Calculating CRC32 checksums.

Updated: v0.057

EXPORT

Nothing is exported by default.

You can export selected functions:

use Crypt::Checksum::CRC32 qw(crc32_data crc32_data_hex crc32_data_int crc32_file crc32_file_hex crc32_file_int);

Or all of them at once:

use Crypt::Checksum::CRC32 ':all';

FUNCTIONS

crc32_data

Returns checksum as raw octects.

$checksum_raw = crc32_data('data string');
#or
$checksum_raw = crc32_data('any data', 'more data', 'even more data');

crc32_data_hex

Returns checksum as a hexadecimal string.

$checksum_hex = crc32_data_hex('data string');
#or
$checksum_hex = crc32_data_hex('any data', 'more data', 'even more data');

crc32_data_int

Returns checksum as unsigned 32bit integer.

$checksum_int = crc32_data_int('data string');
#or
$checksum_int = crc32_data_int('any data', 'more data', 'even more data');

crc32_file

Returns checksum as raw octects.

$checksum_raw = crc32_file('filename.dat');
#or
$checksum_raw = crc32_file(*FILEHANDLE);

crc32_file_hex

Returns checksum as a hexadecimal string.

$checksum_hex = crc32_file_hex('filename.dat');
#or
$checksum_hex = crc32_file_hex(*FILEHANDLE);

crc32_file_int

Returns checksum as unsigned 32bit integer.

$checksum_int = crc32_file_int('filename.dat');
#or
$checksum_int = crc32_file_int(*FILEHANDLE);

METHODS

new

Constructor, returns a reference to the checksum object.

$d = Crypt::Checksum::CRC32->new;

clone

Creates a copy of the checksum object state and returns a reference to the copy.

$d->clone();

reset

Reinitialize the checksum object state and returns a reference to the checksum object.

$d->reset();

add

All arguments are appended to the message we calculate checksum for. The return value is the checksum object itself.

$d->add('any data');
#or
$d->add('any data', 'more data', 'even more data');

addfile

The content of the file (or filehandle) is appended to the message we calculate checksum for. The return value is the checksum object itself.

$d->addfile('filename.dat');
#or
$d->addfile(*FILEHANDLE);

BEWARE: You have to make sure that the filehandle is in binary mode before you pass it as argument to the addfile() method.

digest

Returns the binary checksum (raw bytes).

$result_raw = $d->digest();

hexdigest

Returns the checksum encoded as a hexadecimal string.

$result_hex = $d->hexdigest();

intdigest

Returns the checksum encoded as unsigned 32bit integer.

$result_int = $d->intdigest();

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)