
Brad Barden

#26502 of 53,635
9.8 total CVSS
Vulnerabilities · 1
PT-2026-23893
9.8
2026-03-08
Unknown · Crypt::Nacl::Sodium · CVE-2026-30909
**Name of the Vulnerable Software and Affected Versions**
Crypt::NaCl::Sodium versions through 2.002

**Description**
The Crypt::NaCl::Sodium library for Perl versions through 2.002 may experience integer overflows in the `bin2hex`, `encrypt`, `aes256gcm_encrypt_afternm`, and `seal` functions. These functions do not verify that the output size remains within the bounds of `SIZE_MAX`, potentially leading to integer wraparound and an undersized output buffer. The occurrence of this issue is unlikely, requiring exceptionally large message lengths. Specifically:

- For `bin2hex()` the input length (`bin_len`) would need to exceed `SIZE_MAX / 2`.
- For `encrypt()` the message length (`msg_len`) would need to exceed `SIZE_MAX - 16U`.
- For `aes256gcm_encrypt_afternm()` the message length (`msg_len`) would need to exceed `SIZE_MAX - 16U`.
- For `seal()` the encrypted length (`enc_len`) would need to exceed `SIZE_MAX - 64U`.

**Recommendations**
Versions prior to 2.003 should be used.
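
The bounds in the description, shown as overflow-checked size computations. This is an added example, not code from Crypt::NaCl::Sodium: the function names are hypothetical, the 16 and 64 byte overheads are taken from the thresholds above, and the extra terminator byte in the hex length is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed overheads, taken from the thresholds in the description. */
#define MAC_OVERHEAD  16U  /* encrypt / aes256gcm_encrypt_afternm */
#define SEAL_OVERHEAD 64U  /* seal */

/* The kind of unchecked size computation the description refers to
 * (illustrative only): size_t arithmetic wraps modulo SIZE_MAX + 1. */
size_t unchecked_add(size_t len, size_t overhead) { return len + overhead; }
size_t unchecked_hex_len(size_t bin_len) { return bin_len * 2 + 1; }

/* Checked forms: return 0 and store the size, or -1 if it would wrap. */
int checked_add(size_t len, size_t overhead, size_t *out)
{
    if (len > SIZE_MAX - overhead)
        return -1;                 /* len + overhead would exceed SIZE_MAX */
    *out = len + overhead;
    return 0;
}

int checked_hex_len(size_t bin_len, size_t *out)
{
    if (bin_len > SIZE_MAX / 2)
        return -1;                 /* bin_len * 2 would exceed SIZE_MAX */
    *out = bin_len * 2 + 1;        /* two hex digits per byte plus terminator (assumed) */
    return 0;
}

int main(void)
{
    size_t n = 0;

    /* One byte past each threshold: the unchecked size collapses to almost
     * nothing, which is how an undersized output buffer would be requested. */
    printf("unchecked encrypt size: %zu\n",
           unchecked_add(SIZE_MAX - 15U, MAC_OVERHEAD));
    printf("unchecked hex size:     %zu\n",
           unchecked_hex_len(SIZE_MAX / 2 + 1));

    /* The checked forms refuse the same inputs before any allocation. */
    printf("checked encrypt: %d\n", checked_add(SIZE_MAX - 15U, MAC_OVERHEAD, &n));
    printf("checked seal:    %d\n", checked_add(SIZE_MAX - 63U, SEAL_OVERHEAD, &n));
    printf("checked hex:     %d\n", checked_hex_len(SIZE_MAX / 2 + 1, &n));
    return 0;
}
```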