CVE-2026-41564

EUVD-2026-25201

23.04.2026, 08:16

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.

The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte-identical PRNG state with every child process, and any randomized operation they perform can produce identical output, including key generation. Two ECDSA or DSA signatures from different processes are enough to recover the signing private key through nonce-reuse key recovery.

This affects preforking services such as the Starman web server, where a Crypt::PK::* object loaded at startup is inherited by every worker process.

PRNG

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

libcryptx-perl

bookworm	vulnerable
bullseye	vulnerable
forky	vulnerable
sid	0.087-2 fixed
trixie	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

libcryptx-perl

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
questing	needs-triage
resolute	needs-triage

Common Weakness Enumeration

CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

References

https://github.com/DCIT/perl-CryptX/commit/9a1dd3e0c27d68e32450be5538b864c2b115ee15.patch

https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6

https://metacpan.org/release/MIK/CryptX-0.088

http://www.openwall.com/lists/oss-security/2026/04/23/2

https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6