Fluid Attacks Database

Description

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	libcrypt-saltedhash-perl	=0.09-3 \|\| =0.11-1	-
debian 14	libcrypt-saltedhash-perl	=0.09-3 \|\| >=0 <0.11-1	0.11-1
debian 11	libcrypt-saltedhash-perl	=0.09-1.1 \|\| =0.09-2 \|\| =0.09-3 \|\| =0.11-1	-
debian 12	libcrypt-saltedhash-perl	=0.09-3 \|\| =0.11-1	-

Aliases

1. CVE-2026-473722. NVD-2026-473723. OSV-DEBIAN-2026-473724. OSV-2026-473725. SECURITY-TRACKER-CVE-2026-47372

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.