CVE-2026-14570

TIMLEGGE · Crypt::DSA

Crypt::DSA uses a biased random number generator for signing nonces and private keys, potentially allowing an attacker to recover private keys.

Executive summary

A vulnerability in the Crypt::DSA Perl module allows for private-key recovery due to the use of a biased random number generator.

Vulnerability

This is a cryptographic flaw (CWE-330) where the Crypt::DSA::Util::makerandom function forces the high bit of random values, resulting in insufficient entropy. The vulnerability is exploitable by an unauthenticated remote attacker who can observe signing operations to derive the private key.

Business impact

The compromise of DSA private keys allows an attacker to forge digital signatures, effectively bypassing authentication or integrity controls. Given the CVSS score of 7.5, this high-severity vulnerability poses a significant risk to the confidentiality of signed communications and the integrity of systems relying on this library for cryptographic operations.

Remediation

Immediate Action: Upgrade to version 1.22 or later, which implements uniform random number generation via Crypt::DSA::Util::randombelow. Furthermore, you must revoke and regenerate any cryptographic keys that were used with the affected versions.

Proactive Monitoring: Review audit logs for unusual cryptographic activity or repeated signature failures that might indicate an attempt to collect signing nonces.

Compensating Controls: Since this is a library-level vulnerability, transition to an alternative, actively maintained cryptographic library as soon as possible, as Crypt::DSA has been deprecated since version 1.20.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The severity of this cryptographic weakness cannot be overstated; the ability to recover private keys renders all signatures generated by affected versions untrustworthy. Organizations must prioritize updating to version 1.22 or migrating to a modern, supported cryptographic solution immediately to restore the integrity of their signing processes.