Security Advisories (1)
CVE-2026-30910 (2026-03-08)

Crypt::Sodium::XS versions through 0.001000 for Perl have potential integer overflows. The combined AEAD encryption, combined signature creation, and bin2hex functions do not check that the output size will be less than SIZE_MAX, which could lead to integer wraparound and an undersized output buffer. This can cause a crash in bin2hex and in encryption algorithms other than aes256gcm. For aes256gcm encryption and for signatures, an undersized buffer could lead to a buffer overflow.

Encountering this issue is unlikely, as the message length would need to be very large:

* For bin2hex, the input size would have to be > SIZE_MAX / 2
* For aegis encryption, the input size would need to be > SIZE_MAX - 32U
* For other encryption, the input size would need to be > SIZE_MAX - 16U
* For signatures, the input size would need to be > SIZE_MAX - 64U
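The size check the advisory says is missing, shown beside the unchecked arithmetic. This is an added example, not code from Crypt::Sodium::XS or libsodium; the names out_kind, output_len and output_len_unchecked are hypothetical, and the hex size assumes two characters per input byte plus a terminating NUL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical output kinds, one per threshold listed in the advisory. */
enum out_kind { OUT_HEX, OUT_AEAD, OUT_AEGIS, OUT_SIGN };

/* Unchecked form: the sum silently wraps when in_len > SIZE_MAX - overhead. */
static size_t output_len_unchecked(size_t in_len, size_t overhead)
{
    return in_len + overhead;
}

/* Checked form: returns 0 and sets *out, or -1 if the size would wrap. */
static int output_len(enum out_kind kind, size_t in_len, size_t *out)
{
    size_t overhead;

    switch (kind) {
    case OUT_HEX:                      /* assumed: 2 chars per byte + NUL */
        if (in_len > SIZE_MAX / 2)
            return -1;
        *out = in_len * 2 + 1;
        return 0;
    case OUT_AEAD:  overhead = 16U; break;   /* "other encryption" */
    case OUT_AEGIS: overhead = 32U; break;
    case OUT_SIGN:  overhead = 64U; break;
    default:
        return -1;
    }
    if (in_len > SIZE_MAX - overhead)  /* compare before adding */
        return -1;
    *out = in_len + overhead;
    return 0;
}

int main(void)
{
    size_t n = 0;
    size_t huge = SIZE_MAX - 8;  /* constructed length; nothing is allocated */

    printf("unchecked: %zu\n", output_len_unchecked(huge, 16U));
    printf("checked:   %s\n",
           output_len(OUT_AEAD, huge, &n) ? "rejected" : "ok");
    printf("hex:       %s\n",
           output_len(OUT_HEX, SIZE_MAX / 2 + 1, &n) ? "rejected" : "ok");
    return 0;
}
```

The comparison is made against SIZE_MAX minus the overhead before any addition, so the check itself cannot wrap.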

NAME

Crypt::Sodium::XS::Base64 - libsodium base64 functions and constants

SYNOPSIS

    use Crypt::Sodium::XS::Base64 ':all';

    my $b64 = sodium_bin2base64("foobar");
    my $bin = sodium_base642bin($b64);
    print "$bin\n";
    # foobar
    my $orig_b64 = sodium_bin2base64("barfoo", BASE64_VARIANT_ORIGINAL);
    print sodium_base642bin($orig_b64);
    # barfoo

DESCRIPTION

Provides access to the libsodium-provided base64 functions and constants. IMPROVEME.

NOTE: These functions are not intended for use with sensitive data. Crypt::Sodium::XS::MemVault provides much of the same functionality for use with sensitive data.

FUNCTIONS

Nothing is exported by default. The tag :functions imports all "FUNCTIONS". The tag :all imports everything.

sodium_base642bin

    my $bytes = sodium_base642bin($string);

Identical to "decode_base64url" in MIME::Base64. Stops parsing at any invalid base64 bytes. $bytes will be empty if $string could not be validly interpreted as base64 (i.e., if the output would not be a multiple of 8 bits).

Returns the base64 decoded bytes.

sodium_bin2base64

    my $string = sodium_bin2base64($bytes);
    my $string = sodium_bin2base64($bytes, $variant);

$variant is optional. See "BASE64 CONSTANTS". If not provided, the default is "BASE64_VARIANT_URLSAFE_NO_PADDING".

Identical to "encode_base64url" in MIME::Base64.

Returns the base64 encoded string.

CONSTANTS

Nothing is exported by default. The tag :constants imports all "CONSTANTS". The tag :all imports everything.

BASE64_VARIANT_ORIGINAL

RFC 4648 Base 64 Encoding.

BASE64_VARIANT_ORIGINAL_NO_PADDING

RFC 4648 Base 64 Encoding without = padding.

BASE64_VARIANT_URLSAFE

RFC 4648 Base 64 Encoding with URL and Filename Safe Alphabet.

BASE64_VARIANT_URLSAFE_NO_PADDING

RFC 4648 Base 64 Encoding with URL and Filename Safe Alphabet without = padding.

SEE ALSO

FEEDBACK

For reporting bugs, giving feedback, submitting patches, etc. please use the following:

AUTHOR

Brad Barden <perlmodules@5c30.org>

COPYRIGHT & LICENSE

Copyright (c) 2025 Brad Barden. All rights reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.