CVE-2026-12205
Deferred Deferred - Pending Action

Nonce Reuse in Crypt::DSA Private Key Compromise

Vulnerability report for CVE-2026-12205, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-16

Assigner: CPANSec

Description

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-15
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openwall crypt_dsa to 1.21 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-323 Nonces should be used for the present occasion and only once.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Crypt::DSA versions before 1.21 for Perl, where the nonce used in digital signatures is reused across multiple signatures.

Specifically, the Crypt::DSA::sign function caches the nonce material in the Key object and does not clear it, causing the same nonce to be reused for every signature made with that Key object.

Reusing the nonce results in identical 'r' values in signatures, which can lead to the recovery of the private key.

Impact Analysis

If you use an affected version of Crypt::DSA to sign data multiple times with the same Key object, the private key can be recovered by an attacker due to nonce reuse.

This compromises the security of your cryptographic signatures, potentially allowing attackers to forge signatures or impersonate you.

Keys used to sign more than once with an affected version should be considered compromised.

Mitigation Strategies

To mitigate this vulnerability, you should consider any keys used to sign more than once with Crypt::DSA versions before 1.21 as compromised.

Update Crypt::DSA to version 1.21 or later where the nonce reuse issue is fixed.

Revoke and replace any compromised keys that were used with the affected versions.

Compliance Impact

The vulnerability in Crypt::DSA versions before 1.21 allows attackers to recover private keys due to nonce reuse in digital signatures. This key compromise can lead to unauthorized data access or data integrity violations.

Such a compromise can negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and cryptographic keys to ensure confidentiality and integrity.

Organizations using affected versions should consider keys compromised, revoke them, and upgrade to fixed versions to maintain compliance and reduce risk of data breaches.

Detection Guidance

This vulnerability involves the reuse of the nonce in Crypt::DSA versions before 1.21, which leads to private key compromise if a key is used to sign more than once. Detection involves identifying if any keys have been used multiple times to sign data with an affected version of Crypt::DSA.

Since the vulnerability is specific to the Crypt::DSA Perl module versions before 1.21, the first step is to check the installed version of Crypt::DSA on your system.

  • Check the installed Crypt::DSA version using Perl commands, for example: perl -MCrypt::DSA -e 'print $Crypt::DSA::VERSION, "\n";'
  • Audit logs or signature records to identify if any keys have been used to sign more than once with the affected Crypt::DSA version.

There are no specific network detection commands provided in the resources. Detection primarily relies on verifying the Crypt::DSA version and reviewing key usage patterns to identify nonce reuse.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12205. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart