CVE-2017-20240

Published: Giu 12, 2026 Last Modified: Giu 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks.

These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0003

Percentile

0,1th

Updated

EPSS Score Trend (Last 2 Days)

208

Observable Timing Discrepancy

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Access Control

Potential Impacts:

Read Application Data Bypass Protection Mechanism

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/arodland/Crypt-PBKDF2/pull/6

https://metacpan.org/release/ARODLAND/Crypt-PBKDF2-0.161520…

https://metacpan.org/release/ARODLAND/Crypt-PBKDF2-0.161520/source/lib/Crypt/PB…

https://metacpan.org/release/ARODLAND/Crypt-PBKDF2-0.261630…

https://metacpan.org/release/ARODLAND/Crypt-PBKDF2-0.261630/changes

http://www.openwall.com/lists/oss-security/2026/06/12/3

CVE-2017-20240

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 2 Days)

Observable Timing Discrepancy

Common Consequences

Applicable Platforms

Iscriviti alla newsletter