Crypt-NaCl-Sodium-0.08

Security Advisories (2)

CVE-2026-2588 (2026-02-22)

Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bits.

CVE-2026-30909 (2026-03-08)

Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows. bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. Encountering this issue is unlikely as the message length would need to be very large. For bin2hex() the bin_len would have to be > SIZE_MAX / 2 For encrypt() the msg_len would need to be > SIZE_MAX - 16U For aes256gcm_encrypt_afternm() the msg_len would need to be > SIZE_MAX - 16U For seal() the enc_len would need to be > SIZE_MAX - 64U

Changes for version 0.08 - 2015-07-17

Require Alien::Sodium v1.0.3.1

Documentation

Crypt::NaCl::Sodium::aead

Authenticated Encryption with Additional Data (ChaCha20/Poly1305 MAC)

Crypt::NaCl::Sodium::auth

Secret-key message authentication (HMAC-SHA256, HMAC-SHA512, HMAC-SHA512/256 )

Crypt::NaCl::Sodium::box

Public-key authenticated encryption (Curve25519/XSalsa20/Poly1305 MAC)

Crypt::NaCl::Sodium::generichash

Generic hashing (Blake2b)

Crypt::NaCl::Sodium::hash

SHA-2 hash functions (SHA-256, SHA-512)

Crypt::NaCl::Sodium::onetimeauth

One-time authentication (Poly1305)

Crypt::NaCl::Sodium::pwhash

Password hashing (yescrypt)

Crypt::NaCl::Sodium::scalarmult

Diffie-Hellman (Curve25519)

Crypt::NaCl::Sodium::secretbox

Secret-key authenticated encryption (XSalsa20/Poly1305 MAC)

Crypt::NaCl::Sodium::shorthash

Short-input hashing (SipHash-2-4)

Crypt::NaCl::Sodium::sign

Public-key signatures (Ed25519)

Crypt::NaCl::Sodium::stream

Stream ciphers (XSalsa20, ChaCha20, Salsa20, AES-128-CTR)

Data::BytesLocker

Guarded storage for sensitive data

Modules

Crypt::NaCl::Sodium

NaCl compatible modern, easy-to-use library for encryption, decryption, signatures, password hashing and more

Other files

To install Crypt::NaCl::Sodium, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::NaCl::Sodium

CPAN shell

perl -MCPAN -e shell
install Crypt::NaCl::Sodium

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.08 - 2015-07-17

Documentation

Modules

Other files

Module Install Instructions

Keyboard Shortcuts