{"id":"CVE-2026-12205","summary":"Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery","details":"Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.\n\nCrypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.\n\nThe first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical \"r\".\n\nKeys used to sign more than once with an affected version should be considered compromised.","modified":"2026-07-08T07:48:28.682924946Z","published":"2026-06-15T21:57:18.317Z","database_specific":{"cwe_ids":["CWE-323"],"cna_assigner":"CPANSec","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/12xxx/CVE-2026-12205.json"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/06/15/4"},{"type":"WEB","url":"https://cpan.org/modules"},{"type":"WEB","url":"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.20/source/lib/Crypt/DSA.pm#L47"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/12xxx/CVE-2026-12205.json"},{"type":"ADVISORY","url":"https://metacpan.org/release/TIMLEGGE/Crypt-DSA-1.21/changes"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-12205"},{"type":"PACKAGE","url":"https://github.com/perl-Crypt-OpenPGP/Crypt-DSA"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/perl-crypt-openpgp/crypt-dsa","events":[{"introduced":"0"},{"fixed":"ff96123c051e9582c8645cd79bdc061ee2f31c55"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"1.21"}]}}],"versions":["1.20","1.19","1.18","1.17"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-12205.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}