CVE-2025-40914

Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow

CVSS 9.8 CRITICAL · EPSS 0.4% · CWE-1395
In short

Perl CryptX before version 0.087 includes an outdated cryptography library (libtommath) with a flaw that can cause integer overflow, potentially allowing attackers to crash the application or execute malicious code.

Technical detail

CryptX versions prior to 0.087 embed a vulnerable version of libtommath susceptible to integer overflow (CVE-2023-36328), exploitable through crafted mathematical inputs during cryptographic operations. This can result in memory corruption, denial of service, or arbitrary code execution depending on the context of use.

Summary generated and translated by AI from the official description.
Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
MIK · CryptX
