CVE-2018-25099

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CryptX versions prior to 0.062

Description The issue concerns the CryptX module for Perl, where the functions gcm decrypt verify() and chacha20poly1305 decrypt verify() do not verify the tag, potentially leading to security issues.

Recommendations For versions prior to 0.062, update to version 0.062 or later to resolve the issue. As a temporary workaround, consider disabling the use of gcm decrypt verify() and chacha20poly1305 decrypt verify() functions until a patch is available. Restrict access to the CryptX module to minimize the risk of exploitation.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2018-25099

OPENSUSE-SU-2024:0112-1

OPENSUSE-SU-2024:13866-1

USN-8128-1

Affected Products

Cryptx

Linuxmint

Ubuntu

CVE-2018-25099

Weakness Enumeration

Related Identifiers

Affected Products

References · 26