PT-2026-23906 · Unknown · Crypt::Sodium::Xs

Published: 2026-03-08 · Updated: 2026-03-13 · CVE-2026-30910
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Crypt::Sodium::XS versions through 0.001000
Description: The Crypt::Sodium::XS Perl module is susceptible to integer overflows in its combined-mode AEAD encryption, combined signature creation, and bin2hex functions. These functions derive an output size from the input length plus a fixed per-operation overhead without verifying that the result stays within SIZE_MAX, so the size can wrap around and an undersized output buffer is used. For bin2hex and for encryption algorithms other than aes256gcm this causes a crash; for aes256gcm encryption and for signatures, the undersized buffer can result in a buffer overflow. The likelihood of triggering the issue is low, as it requires exceptionally large message lengths: for bin2hex the input size must exceed SIZE_MAX / 2; for aegis encryption it must exceed SIZE_MAX - 32U; for the other encryption algorithms it must exceed SIZE_MAX - 16U; for signatures it must exceed SIZE_MAX - 64U.
Recommendations: Versions up to and including 0.001000 are affected (all versions prior to 0.001001). Update to 0.001001 or later.
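The size computation the description refers to is a plain size_t addition (or, for bin2hex, a multiplication) that wraps silently once the input is close to SIZE_MAX. The following C block is an added illustration written for this page; it is not the module's XS code. It reproduces the unchecked pattern next to a checked version whose rejection condition is exactly the threshold the advisory quotes (input > SIZE_MAX - overhead). The overhead constants are taken from the advisory's thresholds and the input lengths in main() are constructed for the demonstration; no actual buffer is allocated or written.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Per-operation overhead in bytes, taken from the thresholds quoted in the
 * advisory. Illustrative constants for this example, not the module's own. */
#define AEGIS_ABYTES 32U   /* aegis: combined output = message + 32 */
#define AEAD_ABYTES  16U   /* other AEADs, e.g. aes256gcm: message + 16 */
#define SIGN_BYTES   64U   /* combined signature: message + 64 */

/* Vulnerable pattern: size_t addition wraps silently, so for
 * msg_len > SIZE_MAX - overhead the result is a small number and any
 * buffer sized from it is too short for the ciphertext or signed message. */
size_t combined_len_unchecked(size_t msg_len, size_t overhead)
{
    return msg_len + overhead;
}

/* Hardened: test for wraparound before adding. Returns false and leaves
 * *out untouched when msg_len + overhead would exceed SIZE_MAX, which is
 * the condition the advisory describes (e.g. msg_len > SIZE_MAX - 16U). */
bool combined_len_checked(size_t msg_len, size_t overhead, size_t *out)
{
    if (msg_len > SIZE_MAX - overhead)
        return false;
    *out = msg_len + overhead;
    return true;
}

/* bin2hex needs two hex digits per input byte plus a terminating NUL.
 * Unchecked: bin_len * 2 wraps once bin_len exceeds SIZE_MAX / 2. */
size_t hex_len_unchecked(size_t bin_len)
{
    return bin_len * 2 + 1;
}

/* Hardened: reject any bin_len for which 2 * bin_len + 1 would not fit. */
bool hex_len_checked(size_t bin_len, size_t *out)
{
    if (bin_len > (SIZE_MAX - 1) / 2)
        return false;
    *out = bin_len * 2 + 1;
    return true;
}

int main(void)
{
    /* Constructed input lengths just past the advisory's thresholds. */
    size_t huge_msg = SIZE_MAX - 10;
    size_t huge_bin = SIZE_MAX / 2 + 1;
    size_t len = 0;

    printf("unchecked AEAD length for SIZE_MAX-10: %zu\n",
           combined_len_unchecked(huge_msg, AEAD_ABYTES));
    printf("checked AEAD length accepted: %s\n",
           combined_len_checked(huge_msg, AEAD_ABYTES, &len) ? "yes" : "no");
    printf("unchecked hex length for SIZE_MAX/2+1: %zu\n",
           hex_len_unchecked(huge_bin));
    printf("checked hex length accepted: %s\n",
           hex_len_checked(huge_bin, &len) ? "yes" : "no");
    return 0;
}
```

With a 64-bit size_t, the unchecked AEAD computation for a message of SIZE_MAX - 10 bytes yields 5, and the unchecked hex length for SIZE_MAX / 2 + 1 bytes yields 1; the checked variants refuse both inputs. Whether the undersized buffer then manifests as a crash or as an out-of-bounds write depends on how the callee uses it, which is why the advisory rates aes256gcm and signatures differently from the other algorithms.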

Fix

Weakness Enumeration: Integer Overflow

Related Identifiers: CVE-2026-30910

Affected Products: Crypt::Sodium::Xs