CVE-2025-40912

CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed Unicode

CVSS 9.8 CRITICAL · EPSS 0.4% · CWE-1395
In short

CryptX for Perl before version 0.065 includes a vulnerable version of the tomcrypt library that fails to properly handle malformed Unicode characters, potentially allowing attackers to cause crashes or unexpected behavior.

Technical detail

CryptX embeds an outdated tomcrypt library (vulnerable to CVE-2019-17362) that improperly processes malformed Unicode input. An attacker can supply crafted Unicode sequences to trigger denial of service or undefined behavior in cryptographic operations. Update CryptX to version 0.065 or later to remediate.

Summary generated and translated by AI from the official description.
CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed Unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
MIK · CryptX
