What is GHSA-j539-xxc6-73wf?

GHSA-j539-xxc6-73wf is a security advisory published by GitHub Security Advisories with High severity. Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The...

Which CVE IDs does GHSA-j539-xxc6-73wf cover?

GHSA-j539-xxc6-73wf covers the following CVE IDs: CVE-2026-6659. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-j539-xxc6-73wf?

GHSA-j539-xxc6-73wf has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-j539-xxc6-73wfHighCVSS 7.5

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The...

Vendor

GitHub Security Advisories

Published

May 8, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-6659 →

📋 Description

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.

The built-in rand function is predictable, and unsuitable for cryptography.

🔗 References (7)

https://nvd.nist.gov/vuln/detail/CVE-2026-6659
https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.42/source/lib/Crypt/PasswdMD5.pm#L35-47
http://www.openwall.com/lists/oss-security/2026/05/08/17
https://github.com/ronsavage/Crypt-PasswdMD5/pull/3
https://github.com/ronsavage/Crypt-PasswdMD5/commit/a2f821637db0296082297aa4b02254ab08f0dc5e.patch
https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.43/changes
https://github.com/advisories/GHSA-j539-xxc6-73wf