/ 
Crypt-NaCl-Sodium-2.002
⭐ Starred 9
Security Advisories (1)
CVE-2026-30909 (2026-03-08)

Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows. bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. Encountering this issue is unlikely as the message length would need to be very large. For bin2hex() the bin_len would have to be > SIZE_MAX / 2 For encrypt() the msg_len would need to be > SIZE_MAX - 16U For aes256gcm_encrypt_afternm() the msg_len would need to be > SIZE_MAX - 16U For seal() the enc_len would need to be > SIZE_MAX - 64U

Changes for version 2.002 - 2026-02-22

  • Fix Integer Overflow flaw on 32-bit systems (CVE-2026-2588)
  • Don't include deprecated crypto_stream_salsa20 functions see the docs to do a custom build
  • Add github actions and fix git checkout on Windows
  • Add a security policy
  • Compatibility Changes from 2.001
    • Deprecated crypto_stream_salsa20 functions are not built by default

Documentation

SECURITY.md
Crypt::NaCl::Sodium::aead
Authenticated Encryption with Additional Data
Crypt::NaCl::Sodium::auth
Secret-key message authentication
Crypt::NaCl::Sodium::box
Public-key authenticated encryption
Crypt::NaCl::Sodium::generichash
Generic hashing
Crypt::NaCl::Sodium::hash
SHA-2 hash functions
Crypt::NaCl::Sodium::onetimeauth
One-time authentication
Crypt::NaCl::Sodium::pwhash
Password hashing
Crypt::NaCl::Sodium::scalarmult
Diffie-Hellman
Crypt::NaCl::Sodium::secretbox
Secret-key authenticated encryption
Crypt::NaCl::Sodium::shorthash
Short input hashing
Crypt::NaCl::Sodium::sign
Public-key signatures
Crypt::NaCl::Sodium::stream
Stream Ciphers
Data::BytesLocker
Guarded storage for sensitive data

Modules

Crypt::NaCl::Sodium
NaCl compatible modern, easy-to-use library for encryption, decryption, signatures, password hashing and more

Other files