CVE-2018-25099

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-25099
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25099.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-25099
Related
Published
2024-03-18T05:15:06Z
Modified
2025-03-14T20:45:28.636455Z
Summary
[none]
Details

In the CryptX module before 0.062 for Perl, gcmdecryptverify() and chacha20poly1305decryptverify() do not verify the tag.

References

Affected packages

Debian:11 / libcryptx-perl

Package

Name
libcryptx-perl
Purl
pkg:deb/debian/libcryptx-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.062-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / libcryptx-perl

Package

Name
libcryptx-perl
Purl
pkg:deb/debian/libcryptx-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.062-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / libcryptx-perl

Package

Name
libcryptx-perl
Purl
pkg:deb/debian/libcryptx-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.062-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/dcit/perl-cryptx

Affected ranges

Type
GIT
Repo
https://github.com/dcit/perl-cryptx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
681ea01e6477c0fd70fc0febdbabe7b190815b4b

Affected versions

v0.*

v0.018
v0.019
v0.020
v0.021
v0.022
v0.023
v0.024
v0.025
v0.026
v0.029
v0.030
v0.031
v0.032
v0.033
v0.034
v0.035
v0.036
v0.037
v0.038
v0.039
v0.040
v0.041
v0.042
v0.043
v0.044
v0.045
v0.046
v0.047
v0.048
v0.049
v0.050
v0.051
v0.052
v0.053
v0.054
v0.055
v0.056
v0.057
v0.058
v0.059
v0.060
v0.061