{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T18:11:10.096","vulnerabilities":[{"cve":{"id":"CVE-2026-30910","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-03-08T02:16:00.620","lastModified":"2026-03-10T18:18:51.633","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.\n\nCombined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. This can cause a crash in bin2hex and encryption algorithms other than aes256gcm. For aes256gcm encryption and signatures, an undersized buffer could lead to buffer overflow.\n\nEncountering this issue is unlikely as the message length would need to be very large.\n\nFor bin2hex the input size would have to be > SIZE_MAX / 2 For aegis encryption the input size would need to be > SIZE_MAX - 32U For other encryption the input size would need to be > SIZE_MAX - 16U For signatures the input size would need to be > SIZE_MAX - 64U"},{"lang":"es","value":"Las versiones de Crypt::Sodium::XS hasta la 0.001000 para Perl tienen posibles desbordamientos de enteros.\n\nEl cifrado AEAD combinado, la creación de firmas combinada y las funciones bin2hex no verifican que el tamaño de salida sea menor que SIZE_MAX, lo que podría llevar a un 'integer wraparound' causando un búfer de salida de tamaño insuficiente. Esto puede causar un fallo en bin2hex y en algoritmos de cifrado distintos de aes256gcm. Para el cifrado aes256gcm y las firmas, un búfer de tamaño insuficiente podría llevar a un desbordamiento de búfer.\n\nEs poco probable encontrar este problema, ya que la longitud del mensaje tendría que ser muy grande.\n\nPara bin2hex, el tamaño de entrada tendría que ser > SIZE_MAX / 2\nPara el cifrado aegis, el tamaño de entrada tendría que ser > SIZE_MAX - 32U\nPara otros cifrados, el tamaño de entrada tendría que ser > SIZE_MAX - 16U\nPara las firmas, el tamaño de entrada tendría que ser > SIZE_MAX - 64U"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iamb:crypt\\:\\:sodium\\:\\:xs:*:*:*:*:*:perl:*:*","versionEndIncluding":"0.001001","matchCriteriaId":"36F9F8AC-0EDB-4FA5-9E11-1F85AC15D3E8"}]}]}],"references":[{"url":"https://metacpan.org/release/IAMB/Crypt-Sodium-XS-0.001001/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2026/03/08/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}