@@ -1,14 +1,43 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5cq6-9f97-wjwx",
"modified": "2026-05-16T03:31:27Z",
"modified": "2026-05-16T03:32:33Z",
"published": "2026-05-16T00:31:11Z",
"aliases": [
"CVE-2026-8704"
],
"details": "Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.",
"severity": [],
"affected": [],
"summary": "Arbitrary File Modification in Crypt::DSA via 2-argument open()",
"details": "### Summary\nVersions of the `Crypt::DSA` module for Perl through 1.19 are vulnerable to arbitrary file modification. The vulnerability arises within `lib/Crypt/DSA/Key.pm` due to the use of the legacy, insecure 2-argument form of Perl's built-in `open()` function (e.g., `open FH, \"$filename\"`). \n\n### Impact\nWhen `Crypt::DSA` processes key file exports, reads, or writes using input paths derived from external or untrusted sources, an attacker can manipulate the path string to change how the filesystem handles the handle initialization. By supplying unexpected leading/trailing characters or pipeline indicators common to Perl's 2-argument `open` syntax, an attacker can overwrite, modify, or truncate arbitrary files on the local filesystem with permissions matching the executing process.\n\n### Remediation\nUpgrade the `Crypt::DSA` Perl module to version **1.20** or later. Version 1.20 patches this flaw by replacing all occurrences of the insecure 2-argument file open operations with the modern, secure 3-argument syntax (e.g., `open my $fh, '>', $filename`).",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"
}
],
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "Crypt::DSA"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "= 1.20"
}
]
}
],
"database_specific": {
"last_known_affected_version_range": "<= 1.19"
}
}
],
"references": [
{
"type": "ADVISORY",
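Review bot: The new `affected` entry sets `"ecosystem": "Packagist"`, which is the PHP/Composer registry, while the summary and details describe a Perl module, so this range will not identify the package the advisory is about. Use an ecosystem that fits a Perl distribution if the schema offers one, or leave `affected` empty as it was. The event `"fixed": "= 1.20"` should carry a bare version (`"1.20"`), since event values are versions and not comparison expressions. The added Impact text (pipeline indicators, truncation) also goes beyond the original one-line description without a reference among the visible lines to back it; cite the source or trim it to what the original states.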
@@ -31,7 +60,7 @@
"cwe_ids": [
"CWE-552"
],
"severity": null,
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-15T23:16:21Z"
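Review bot: `"severity": "HIGH"` here rests on the CVSS vector added earlier in the file, which claims `AV:N`, while the details describe modification of files on the local filesystem through a path handed to the library. Confirm the vector against a cited source before setting the label, or leave it `null` while `github_reviewed` is still `false`. The unchanged `CWE-552` is also worth rechecking against the new summary, which describes file modification rather than exposure.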