CVE-2026-12205
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical 'r'.
Risk Assessment
Keys used to sign more than once with an affected version should be considered compromised, posing a serious risk to data security and signature integrity.
Recommendation
It is recommended to upgrade to Crypt::DSA version 1.21 or later and to replace all keys that were used for signing with the affected version.
Original NVD description (English source)
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised.

