Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/perl-cryptx@0.088-r0?arch=armhf&distroversion=edge&reponame=main
Typeapk
Namespacealpine
Nameperl-cryptx
Version0.088-r0
Qualifiers
arch armhf
distroversion edge
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8et5-tcda-tfhd
vulnerability_id VCID-8et5-tcda-tfhd
summary CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte-identical PRNG state with every child process, and any randomized operation they perform can produce identical output, including key generation. Two ECDSA or DSA signatures from different processes are enough to recover the signing private key through nonce-reuse key recovery. This affects preforking services such as the Starman web server, where a Crypt::PK::* object loaded at startup is inherited by every worker process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41564
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03016
published_at 2026-06-05T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.02919
published_at 2026-06-09T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03024
published_at 2026-06-06T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02955
published_at 2026-06-08T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.02971
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41564
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41564
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41564
2
reference_url https://github.com/DCIT/perl-CryptX/commit/9a1dd3e0c27d68e32450be5538b864c2b115ee15.patch
reference_id 9a1dd3e0c27d68e32450be5538b864c2b115ee15.patch
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:05:18Z/
url https://github.com/DCIT/perl-CryptX/commit/9a1dd3e0c27d68e32450be5538b864c2b115ee15.patch
3
reference_url https://metacpan.org/release/MIK/CryptX-0.088
reference_id CryptX-0.088
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:05:18Z/
url https://metacpan.org/release/MIK/CryptX-0.088
4
reference_url https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6
reference_id GHSA-24c2-gp6c-24c6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:05:18Z/
url https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-24c2-gp6c-24c6
fixed_packages
0
url pkg:apk/alpine/perl-cryptx@0.088-r0?arch=armhf&distroversion=edge&reponame=main
purl pkg:apk/alpine/perl-cryptx@0.088-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/perl-cryptx@0.088-r0%3Farch=armhf&distroversion=edge&reponame=main
aliases CVE-2026-41564
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8et5-tcda-tfhd
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/perl-cryptx@0.088-r0%3Farch=armhf&distroversion=edge&reponame=main