Crypt-Sodium-XS-0.000042

Security Advisories (1)

CVE-2026-30910 (2026-03-08)

Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows. Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow. Encountering this issue is unlikely as the message length would need to be very large. For bin2hex the input size would have to be > SIZE_MAX / 2 For aegis encryption the input size would need to be > SIZE_MAX - 32U For other encryption the input size would need to be > SIZE_MAX - 16U For signatures the input size would need to be > SIZE_MAX - 64U

https://metacpan.org/release/IAMB/Crypt-Sodium-XS-0.001001/changes

Changes for version 0.000042

IMPORTANT SECURITY UPDATE: bundled libsodium updated to 1.0.20-stable. fixes CVE-2025-15444 (upstream CVE-2025-69277). libsodium version 1.0.20-stable is both a vulnerable and not-vulnerable version for this CVE. the included copy of this "stable release" (daily snapshot) is the version of 1.0.20-stable released January 3, 2026 which includes a fix for the vulnerability.
vulnerability notes:
C::S::XS::curve25519::core_ed25519_is_valid_point could have improperly reported invalid curve points as valid. only users of this low-level function (e.g., for implementing custom crypto) are affected.
this update only affects users of the bundled version of libsodium. users of an externally-provided libsodium (e.g., software packaged by operating system distribution) must update that library to a not-vulnerable version. for those external library users, this Crypt::Sodium::XS update is not necessary and will not remediate the vulnerability.

Documentation

CONTRIBUTING.md

SECURITY.md

csxs-ppcrypt

simple passphrase-based encryption and decryption

pminisign

perl implementation of minisign

Modules

Crypt::Sodium::XS

perl XS bindings for libsodium

Crypt::Sodium::XS::Base64

libsodium base64 functions and constants

Crypt::Sodium::XS::Core

libsodium low-level functions

Crypt::Sodium::XS::MemVault

Protected memory objects

Crypt::Sodium::XS::OO::aead

Authenticated encryption with additional data

Crypt::Sodium::XS::OO::auth

Secret key message authentication

Crypt::Sodium::XS::OO::box

Asymmetric (public/secret key) authenticated encryption

Crypt::Sodium::XS::OO::curve25519

Low-level functions over Curve25519

Crypt::Sodium::XS::OO::generichash

Cryptographic hashing

Crypt::Sodium::XS::OO::hash

SHA2 cryptographic hashing

Crypt::Sodium::XS::OO::hkdf

HMAC-based Extract-and-Expand Key Derivation Function

Crypt::Sodium::XS::OO::kdf

Secret subkey derivation from a main secret key

Crypt::Sodium::XS::OO::kx

Shared key derivation from client/server asymmetric key pairs

Crypt::Sodium::XS::OO::onetimeauth

Single-use secret key message authentication

Crypt::Sodium::XS::OO::pwhash

Password hashing and verification

Crypt::Sodium::XS::OO::scalarmult

Point-scalar multiplication over the edwards25519 curve

Crypt::Sodium::XS::OO::secretbox

Secret key authenticated encryption

Crypt::Sodium::XS::OO::secretstream

Secret key authenticated encryption for multiple in-order messages

Crypt::Sodium::XS::OO::shorthash

Short-input hashing

Crypt::Sodium::XS::OO::sign

Asymmetric (public/secret key) signatures and verification

Crypt::Sodium::XS::OO::stream

Stream ciphers

Crypt::Sodium::XS::ProtMem

Memory protection functions and constants

Crypt::Sodium::XS::Util

libsodium utilities

Crypt::Sodium::XS::aead

Authenticated encryption with additional data

Crypt::Sodium::XS::auth

Secret key message authentication

Crypt::Sodium::XS::box

Asymmetric (public/secret key) authenticated encryption

Crypt::Sodium::XS::curve25519

Low-level functions over Curve25519

Crypt::Sodium::XS::generichash

Cryptographic hashing

Crypt::Sodium::XS::hash

SHA2 cryptographic hashing

Crypt::Sodium::XS::hkdf

HMAC-based Extract-and-Expand Key Derivation Function

Crypt::Sodium::XS::kdf

Secret subkey derivation from a main secret key

Crypt::Sodium::XS::kx

Shared key derivation from client/server asymmetric key pairs

Crypt::Sodium::XS::onetimeauth

Single-use secret key message authentication

Crypt::Sodium::XS::pwhash

Password hashing and verification

Crypt::Sodium::XS::scalarmult

Point-scalar multiplication on the Curve25519 curve.

Crypt::Sodium::XS::secretbox

Secret key authenticated encryption

Crypt::Sodium::XS::secretstream

Secret key authenticated encryption for multiple in-order messages

Crypt::Sodium::XS::shorthash

Short-input hashing

Crypt::Sodium::XS::sign

Asymmetric (public/secret key) signatures and verification

Crypt::Sodium::XS::stream

Stream ciphers

Provides

Crypt::Sodium::XS::OO::Base

in lib/Crypt/Sodium/XS/OO/Base.pm

Other files

To install Crypt::Sodium::XS, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::Sodium::XS

CPAN shell

perl -MCPAN -e shell
install Crypt::Sodium::XS

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.000042

Documentation

Modules

Provides

Other files

Module Install Instructions

Keyboard Shortcuts