CVE-2018-25099

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-25099

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25099.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-25099

Downstream

DEBIAN-CVE-2018-25099

UBUNTU-CVE-2018-25099

openSUSE-SU-2024:0112-1

openSUSE-SU-2024:13866-1

Related

Published

2024-03-18T05:15:06.007Z

Modified

2025-11-14T08:38:48.580781Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the CryptX module before 0.062 for Perl, gcmdecryptverify() and chacha20poly1305decryptverify() do not verify the tag.

References

Affected packages

Git / github.com/dcit/perl-cryptx

Affected ranges

Type: GIT
Repo: https://github.com/dcit/perl-cryptx
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

681ea01e6477c0fd70fc0febdbabe7b190815b4b

Affected versions

v0.*

v0.018

v0.019

v0.020

v0.021

v0.022

v0.023

v0.024

v0.025

v0.026

v0.029

v0.030

v0.031

v0.032

v0.033

v0.034

v0.035

v0.036

v0.037

v0.038

v0.039

v0.040

v0.041

v0.042

v0.043

v0.044

v0.045

v0.046

v0.047

v0.048

v0.049

v0.050

v0.051

v0.052

v0.053

v0.054

v0.055

v0.056

v0.057

v0.058

v0.059

v0.060

v0.061

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25099.json"