PT-2026-21469 · Libsodium+1
Timothy Legge · Published 2026-02-14 · Updated 2026-03-04 · CVE-2026-2588
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Crypt::NaCl::Sodium versions through 2.001
Description
The software contains an integer overflow flaw on 32-bit systems. Specifically, the Sodium.xs component casts a STRLEN (size_t) to an unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems, size_t is typically 32 bits, while an unsigned long long is at least 64 bits.
Recommendations
Update to a version of Crypt::NaCl::Sodium later than 2.001.
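The length-pointer mismatch from the description, modelled as an added C example (not code from Crypt::NaCl::Sodium or libsodium): `mock_report_len`, `struct frame` and the canary value are hypothetical, and a `uint32_t` stands in for a 32-bit `STRLEN` so the effect is visible on any host. An 8-byte store through the address of a 4-byte length also overwrites whatever follows it; the corrected pattern shown is a common remedy, not necessarily the project's actual fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0xDEADBEEFu

/* Caller's storage: a uint32_t stand-in for a 32-bit STRLEN, then a neighbour. */
struct frame {
    uint32_t len;
    uint32_t adjacent;
};

/* Hypothetical callee with a libsodium-style length out-parameter: it always
 * stores a full unsigned long long (8 bytes) at the address it is given. */
static void mock_report_len(void *len_p, unsigned long long n)
{
    memcpy(len_p, &n, sizeof n);
}

/* Flawed pattern: the 32-bit length's address is passed as if it held 64 bits.
 * &f equals &f.len (first member), keeping this model's store in one object. */
static struct frame flawed_call(unsigned long long n)
{
    struct frame f = { 0, CANARY };
    mock_report_len(&f, n);
    return f;
}

/* Corrected pattern: hand the callee a real unsigned long long, then
 * range-check before narrowing into the 32-bit length. Returns 0 on success. */
static int fixed_call(unsigned long long n, struct frame *f)
{
    unsigned long long tmp = 0;
    *f = (struct frame){ 0, CANARY };
    mock_report_len(&tmp, n);
    if (tmp > UINT32_MAX)
        return -1;
    f->len = (uint32_t)tmp;
    return 0;
}

int main(void)
{
    struct frame a = flawed_call(64), b;
    int rc = fixed_call(64, &b);
    printf("flawed: len=%u adjacent=%#x\n", (unsigned)a.len, (unsigned)a.adjacent);
    printf("fixed : rc=%d len=%u adjacent=%#x\n", rc, (unsigned)b.len, (unsigned)b.adjacent);
    return 0;
}
```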
Fix
Integer Overflow
Affected Products
Crypt::NaCl::Sodium
Libsodium