CVE-2026-12205
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.
Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.
The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r".
Keys used to sign more than once with an affected version should be considered compromised.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIMLEGGE | Crypt::DSA | 0 < 1.21 | affected |
Weaknesses
- CWE-323: CWE-323 Reusing a Nonce, Key Pair in Encryption
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/source/lib/Crypt/DSA.pm#L47
- https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/changes
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.