Description
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
Published: 2026-05-15
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Crypt::DSA versions up to 1.19 make use of Perl’s two‑argument open, which permits the modification of files that already exist. This flaw allows an attacker who can influence the parameters passed to the module to overwrite files such as private keys or configuration data, thereby compromising the integrity of the application or system.

Affected Systems

The affected product is TIMLEGGE’s Crypt::DSA Perl module through version 1.19. Systems running any of these versions of Crypt::DSA without an upgrade to 1.20 are vulnerable.

Risk and Exploitability

CVSS score of 6.5 and EPSS score of < 1% are reported, and the vulnerability is not listed in the CISA KEV catalog. The flaw can be exploited by an attacker who controls the environment in which Crypt::DSA operates, enabling file modifications that may impact confidentiality, integrity, or availability. The attack vector is likely local or through code that feeds input to Crypt::DSA.

Generated by OpenCVE AI on May 18, 2026 at 16:22 UTC.

Remediation

Vendor Solution

Upgrade to version 1.20

OpenCVE Recommended Actions

  • Apply the vendor’s update to Crypt::DSA 1.20
  • Limit usage of Crypt::DSA in trusted contexts and ensure that scripts cannot supply arbitrary filenames
  • Enforce strict file permissions on critical files to prevent unauthorized writes

Generated by OpenCVE AI on May 18, 2026 at 16:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 17 May 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Timlegge
Timlegge crypt::dsa
Vendors & Products Timlegge
Timlegge crypt::dsa

Sat, 16 May 2026 01:30:00 +0000

Type Values Removed Values Added
References

Fri, 15 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
Title Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified
Weaknesses CWE-552
References

Subscriptions

Timlegge Crypt::dsa
cve-icon MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-05-18T15:06:15.379Z

Reserved: 2026-05-15T18:08:24.117Z

Link: CVE-2026-8704

cve-icon Vulnrichment

Updated: 2026-05-16T00:31:20.840Z

cve-icon NVD

Status : Deferred

Published: 2026-05-15T23:16:21.740

Modified: 2026-05-18T17:40:45.343

Link: CVE-2026-8704

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T16:30:05Z

Weaknesses
  • CWE-552

    Files or Directories Accessible to External Parties