CVE-2017-20240

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 12, 2026

Vendor unknown

Description

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key.

References

https://github.com/arodland/Crypt-PBKDF2/pull/6
https://metacpan.org/release/ARODLAND/Crypt-PBKDF2-0.161520/source/lib/Crypt/PBKDF2.pm#L123-148
https://metacpan.org/release/ARODLAND/Crypt-PBKDF2-0.261630/changes