USN-8128-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-8128-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8128-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-8128-1
Upstream
Related
Published
2026-03-26T15:54:44Z
Modified
2026-03-27T17:30:22.605108364Z
Summary
libcryptx-perl vulnerabilities
Details

It was discovered that CryptX did not verify authentication tags while performing GCM and ChaCha20-Poly1305 decryption. An attacker could possibly use this issue to cause CryptX to accept modified ciphertext, leading to data integrity violations or authentication bypass. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-25099)

It was discovered that CryptX included a version of the tomcrypt library that was susceptible to malformed unicode handling. An attacker could possibly use this issue to cause unexpected behavior or incorrect processing of crafted input. This issue only affected Ubuntu 18.04 LTS. (CVE-2025-40912)

It was discovered that CryptX included a version of the libtommath library that was susceptible to an integer overflow. An attacker could possibly use this issue to cause memory corruption or a denial of service. (CVE-2025-40914)

References

Affected packages

Ubuntu:Pro:18.04:LTS / libcryptx-perl

Package

Name
libcryptx-perl
Purl
pkg:deb/ubuntu/libcryptx-perl@0.056-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.056-1ubuntu0.1~esm1

Affected versions

0.*
0.055-1
0.056-1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.056-1ubuntu0.1~esm1",
            "binary_name": "libcryptx-perl"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8128-1.json"
cves_map 
{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2018-25099"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-40912"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-40914"
        }
    ],
    "ecosystem": "Ubuntu:Pro:18.04:LTS"
}

Ubuntu:Pro:20.04:LTS / libcryptx-perl

Package

Name
libcryptx-perl
Purl
pkg:deb/ubuntu/libcryptx-perl@0.067-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.067-1ubuntu0.1~esm1

Affected versions

0.*
0.064-1
0.064-1build1
0.066-1
0.067-1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.067-1ubuntu0.1~esm1",
            "binary_name": "libcryptx-perl"
        }
    ]
}

Database specific

cves_map 
{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-40914"
        }
    ],
    "ecosystem": "Ubuntu:Pro:20.04:LTS"
}
source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8128-1.json"

Ubuntu:Pro:22.04:LTS / libcryptx-perl

Package

Name
libcryptx-perl
Purl
pkg:deb/ubuntu/libcryptx-perl@0.076-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.076-1ubuntu0.1~esm1

Affected versions

0.*
0.069-1build1
0.073-1
0.074-1
0.075-1
0.076-1
0.076-1build1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.076-1ubuntu0.1~esm1",
            "binary_name": "libcryptx-perl"
        }
    ]
}

Database specific

cves_map 
{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-40914"
        }
    ],
    "ecosystem": "Ubuntu:Pro:22.04:LTS"
}
source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8128-1.json"

Ubuntu:Pro:24.04:LTS / libcryptx-perl

Package

Name
libcryptx-perl
Purl
pkg:deb/ubuntu/libcryptx-perl@0.080-2ubuntu0.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.080-2ubuntu0.1~esm1

Affected versions

0.*
0.078-1
0.080-1
0.080-2
0.080-2build1
0.080-2build2
0.080-2build3

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.080-2ubuntu0.1~esm1",
            "binary_name": "libcryptx-perl"
        }
    ]
}

Database specific

cves_map 
{
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-40914"
        }
    ],
    "ecosystem": "Ubuntu:Pro:24.04:LTS"
}
source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8128-1.json"