CVE-2026-12205

Published: Giu 16, 2026 Last Modified: Giu 16, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.

Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.

The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical 'r'.

Keys used to sign more than once with an affected version should be considered compromised.

323

Reusing a Nonce, Key Pair in Encryption

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/source…
https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/source/lib/Crypt/DSA.pm#L47
https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/changes
https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/changes
http://www.openwall.com/lists/oss-security/2026/06/15/4
http://www.openwall.com/lists/oss-security/2026/06/15/4