/ 
Crypt-SecretBuffer-0.017
Security Advisories (1)
CVE-2026-5086 (2026-04-13)

Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.

Changes for version 0.017 - 2025-12-28

  • New features for append_console_line: char_mask, char_count, char_class
  • New attribute 'line_input' for ConsoleState toggles line buffering
  • New method Span->set_up_us_the_bom processes byte-order-marks
  • Return value of memcmp is now normalized to -1/0/1

Documentation

README.md
SECURITY.md

Modules

Crypt::SecretBuffer
Prevent accidentally leaking a string of sensitive data
Crypt::SecretBuffer::AsyncResult
Observe results of a write_async operation
Crypt::SecretBuffer::ConsoleState
Disable TTY echo within a scope
Crypt::SecretBuffer::INI
Parse INI format from a SecretBuffer
Crypt::SecretBuffer::PEM
Parse PEM format from a SecretBuffer
Crypt::SecretBuffer::Span
Reference a span of bytes within a SecretBuffer

Provides

Crypt::SecretBuffer::Exports
in lib/Crypt/SecretBuffer.pm

Other files