CVE-2026-12205 | Crypt::DSA versions before 1.21 for Perl reused the nonce ac…

Description

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised.

Metadata

CVE ID: CVE-2026-12205
State: PUBLISHED
Assigner: CPANSec
Reserved: 2026-06-14 12:07 UTC
Published: 2026-06-15 21:57 UTC
Last updated: 2026-06-15 22:44 UTC
Primary CWE: CWE-323
CWE-323 Reusing a Nonce, Key Pair in Encryption
Vendor / Product: TIMLEGGE / Crypt::DSA
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (1)

Vendor	Product	Platform	Versions
TIMLEGGE	Crypt::DSA	—	0 < 1.21

Weakness (CWE)

CWE	Source	Description
CWE-323	cna	CWE-323 Reusing a Nonce, Key Pair in Encryption

References (2)