[Git][security-tracker-team/security-tracker][master] Add CVE-2025-40914/libcryptx-perl

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 11 21:33:02 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
249ec575 by Salvatore Bonaccorso at 2025-06-11T22:32:27+02:00
Add CVE-2025-40914/libcryptx-perl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,7 +43,12 @@ CVE-2025-41661 (An unauthenticated remote attacker can execute arbitrary command
 CVE-2025-40915 (Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number sour ...)
 	NOT-FOR-US: Mojolicious::Plugin::CSRF Perl module
 CVE-2025-40914 (Perl CryptX before version 0.087 contains a dependency that may be sus ...)
-	TODO: check
+	- libcryptx-perl <unfixed>
+	NOTE: https://lists.security.metacpan.org/cve-announce/msg/30332012/
+	NOTE: https://github.com/libtom/libtommath/pull/546
+	NOTE: https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-6fh3-7qjq-8v22
+	NOTE: CVE exists because CryptX embeds a version of the libtommath library that is
+	NOTE: susceptible to an integer overflow associated with CVE-2023-36328.
 CVE-2025-40912 (CryptX for Perl before version 0.065 contains a dependency that may be ...)
 	- libcryptx-perl 0.066-1
 	NOTE: https://github.com/libtom/libtomcrypt/issues/507
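
Review bot: the new `- libcryptx-perl <unfixed>` line records no upstream fixed version, although the description on the CVE-2025-40914 line says the issue affects CryptX "before version 0.087". Adding a NOTE that names 0.087 as the first fixed upstream release would make it clear when the entry can move from `<unfixed>` to a package version, as the CVE-2025-40912 entry below does with `0.066-1`. The last two NOTE lines attribute the CVE to the embedded libtommath copy, so it would also help to state whether the Debian package actually builds against that embedded copy, since that determines whether `<unfixed>` is the right status.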



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/249ec57591770be6cb38f662711647ecf2cd607b
