Crypt-OpenSSL-RSA-0.23

Security Advisories (1)

CVE-2024-2467 (2024-04-25)

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

Changes for version 0.23

Provide 32 bytes of seeding in tests, up from 19.
Stop relying on implicit includes, which disappeared in the 0.98 release of OpenSSL.
Apply patch from Jim Radford <radford@blackbean.org> to add support for SHA{224,256,384,512}

Modules

Crypt::OpenSSL::RSA

RSA encoding and decoding, using the openSSL libraries

Other files

To install Crypt::OpenSSL::RSA, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::OpenSSL::RSA

CPAN shell

perl -MCPAN -e shell
install Crypt::OpenSSL::RSA

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.23

Modules

Other files

Module Install Instructions