CVE-2017-20240

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-20240

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-20240.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-20240

Downstream

DEBIAN-CVE-2017-20240

UBUNTU-CVE-2017-20240

openSUSE-SU-2026:11034-1

Related

openSUSE-SU-2026:11034-1

Published

2026-06-12T14:16:28.660Z

Modified

2026-06-18T04:03:50.952979150Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks.

These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key.

References

Affected packages

Git / github.com/arodland/crypt-pbkdf2

Affected ranges

Type

GIT

Repo

https://github.com/arodland/crypt-pbkdf2

Events

Introduced

Fixed

63bd1c8b74ea5a98c0566da99cdf9c84a87073bf

Database specific

{
    "source": "DESCRIPTION",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.261630"
        }
    ]
}

Affected versions

0.*

0.121930

0.131750

0.133330

0.140890

0.142390

0.150900

0.160410

0.161520

v0.*

v0.101160

v0.101170

v0.110460

v0.110461

v0.112020

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-20240.json"