Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks

Description

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.

Affected Products

Vendor	Product	Versions
nerdvana	crypt::secretbuffer	0

References

https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-0.019/source/Changes(release-notes)

Related News (1 articles)

Tier C

oss-security5h ago

CVE-2026-5086: Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks

→ No new info (linked only)

CVSS 3.15.3 NONE

CISA KEV❌ No

Actively exploited❌ No

Patch available

0.019

CWECWE-208

PublishedApr 13, 2026

Last enriched4h agov2

Community Vote

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated severity to MEDIUM, added CVSS estimate 5.3, confirmed CWE-208, exploit availability, active exploitation, patch availability, and added tag 'timing attack'.

severitycvssEstimatetags

via oss-security

v15h ago

Initial creation