CVE-2026-30909
Published: 08 March 2026
Summary
CVE-2026-30909 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Timlegge Crypt\. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely remediation through patching the integer overflow in Crypt::NaCl::Sodium functions directly prevents buffer underallocation and exploitation.
Validating input lengths prior to invoking affected functions like bin2hex and encrypt prevents triggering the integer wraparound condition.
Vulnerability scanning identifies systems using vulnerable Crypt::NaCl::Sodium versions through 2.002, enabling targeted remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated attacker supplying crafted large inputs to affected crypto functions (encrypt/seal/etc.) can trigger memory corruption or crashes in applications using the library, directly enabling exploitation of public-facing apps/remote services for RCE, priv-esc, or DoS.
NVD Description
Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows. bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions do not check that output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. Encountering this…
more
issue is unlikely as the message length would need to be very large. For bin2hex() the bin_len would have to be > SIZE_MAX / 2 For encrypt() the msg_len would need to be > SIZE_MAX - 16U For aes256gcm_encrypt_afternm() the msg_len would need to be > SIZE_MAX - 16U For seal() the enc_len would need to be > SIZE_MAX - 64U
Deeper analysisAI
CVE-2026-30909 is an integer overflow vulnerability (CWE-190) affecting Crypt::NaCl::Sodium versions through 2.002, a Perl module implementing the NaCl cryptography library. The issue resides in the bin2hex, encrypt, aes256gcm_encrypt_afternm, and seal functions, which fail to verify that the required output size remains below SIZE_MAX before allocation. This can trigger integer wraparound, resulting in an undersized output buffer. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting severe potential impacts despite practical constraints.
Any remote, unauthenticated attacker able to supply inputs to affected functions could exploit this vulnerability. Exploitation requires extremely large input lengths—for bin2hex, binary length exceeding SIZE_MAX / 2; for encrypt and aes256gcm_encrypt_afternm, message length over SIZE_MAX - 16U; and for seal, encrypted length surpassing SIZE_MAX - 64U—making it unlikely in typical scenarios. Successful exploitation could lead to buffer underallocation, potentially causing memory corruption, application crashes, or incorrect cryptographic operations that compromise confidentiality, integrity, and availability.
Mitigation is available via a patch in pull request #24 at https://github.com/cpan-authors/crypt-nacl-sodium/pull/24.patch, which addresses the output size checks in the vulnerable functions. The referenced source code lines from the vulnerable version 2.002 (e.g., Sodium.xs at lines 2116, 2310, 3304, and 942 on metacpan.org) highlight the exact locations of the flaws for verification and patching. Security practitioners should update to a patched version beyond 2.002.
Details
- CWE(s)