{"id":"CVE-2025-15638","summary":"Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt","details":"Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt.\n\nNet::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and CVE-2018-12437.","modified":"2026-07-08T07:41:11.026515925Z","published":"2026-04-21T15:34:18.988Z","database_specific":{"cna_assigner":"CPANSec","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/15xxx/CVE-2025-15638.json","cwe_ids":["CWE-1395"]},"references":[{"type":"WEB","url":"https://cpan.org/modules"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/15xxx/CVE-2025-15638.json"},{"type":"ADVISORY","url":"https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15638"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2016-6129"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-12437"},{"type":"PACKAGE","url":"https://github.com/atrodo/Net-Dropbear"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/atrodo/net-dropbear","events":[{"introduced":"0"},{"fixed":"737ee55f40b5c9b9df5a9fb48b68b9a013607f7f"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"0.14"}]}}],"versions":["0.13","0.12","0.11","0.10","0.09","0.08","0.07","0.06","0.04","0.03","0.02","0.01"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15638.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}