CVE-2026-14570
Linux Debian Analyse et atténuation des vulnérabilités

Aperçu

CVE-2026-14570 is a cryptographic weakness in the Perl module Crypt::DSA (versions before 1.22) where DSA signing nonces and private keys are drawn from a biased random number generator, enabling private-key recovery via lattice attack. The vulnerability was disclosed on July 5, 2026, by Timothy Legge via the oss-security mailing list and assigned by CPANSec. Affected software is Crypt-DSA by TIMLEGGE, all versions prior to 1.22. No CVSS score has been formally assigned at time of publication; the vulnerability is estimated as Medium severity (GitHub Advisory, oss-security).

Détails techniques

The root cause is classified as CWE-330 (Use of Insufficiently Random Values). The function Crypt::DSA::Util::makerandom forces the high bit of every returned value to 1 in order to produce an exactly N-bit integer suitable for prime search; however, both the DSA signing nonce (k) and the private key (x) are drawn from this same biased generator (oss-security). Because the top bit is always set, the output distribution is non-uniform — effectively halving the keyspace — which is a well-known precondition for lattice-based private key recovery attacks (e.g., Hidden Number Problem). An attacker needs only a modest number of signatures produced under the affected key, along with the corresponding public key, to mount the attack; no privileged access or interaction with the victim beyond collecting public signatures is required (GitHub Advisory). The fix in version 1.22 replaces makerandom with Crypt::DSA::Util::randombelow, which uses rejection sampling to produce uniformly distributed values with no forced high bit (oss-security).

Impact

Successful exploitation allows an unauthenticated attacker who has collected a modest number of DSA signatures (and the corresponding public key) to fully recover the private key, enabling complete impersonation of the key holder and arbitrary forgery of signatures (GitHub Advisory). This constitutes a critical confidentiality and integrity impact: any data or communications authenticated with the compromised key can no longer be trusted, and the attacker can sign arbitrary content as the legitimate key owner. All keys generated or used for signing with affected versions of Crypt::DSA (before 1.22) must be considered permanently compromised (oss-security).

Étapes d’exploitation

  1. Signature Collection: Passively collect a sufficient number of DSA signatures (typically tens to hundreds, depending on the bias magnitude) produced by the target's private key, along with the corresponding public key and signed messages. These may be gathered from public repositories, software releases, emails, or network traffic.
  2. Bias Analysis: Confirm that the signatures were produced by Crypt::DSA versions before 1.22 by examining the software stack of the signing party or inferring from signature patterns.
  3. Lattice Attack Setup: Formulate the Hidden Number Problem (HNP) using the known bias (top bit always set in nonce k). Construct a lattice from the collected (message hash, signature) pairs using standard techniques (e.g., LLL or BKZ lattice basis reduction).
  4. Private Key Recovery: Solve the lattice problem to recover the DSA private key x. Tools implementing lattice attacks against biased DSA nonces are available in academic literature and open-source cryptanalysis frameworks.
  5. Key Abuse: Use the recovered private key to forge arbitrary DSA signatures, impersonate the key holder, or decrypt any data protected by the key (oss-security, GitHub Advisory).

Atténuation et solutions de contournement

Upgrade Crypt::DSA to version 1.22 or later, which replaces the biased makerandom function with randombelow (rejection sampling), producing uniformly distributed nonces and private keys (oss-security). Any DSA keys generated or used for signing with versions prior to 1.22 must be treated as compromised: revoke them immediately, generate new keys using the patched version, and redistribute updated public keys to all relying parties. Note that Crypt::DSA was deprecated as of version 1.20; users should evaluate migrating to a maintained cryptographic library. Review all signatures created with affected keys for potential forgery (GitHub Advisory).

Réactions de la communauté

The vulnerability was disclosed by Timothy Legge (the module maintainer) directly to the oss-security mailing list and CVE Announce on July 4–5, 2026, with a clear description and patch (oss-security). The advisory notes that Crypt::DSA was already deprecated in version 1.20, reinforcing the recommendation to migrate away from the module entirely. Community aggregators including Vulners, VulDB, and INCIBE picked up the advisory shortly after publication, and a brief mention appeared on Bluesky infosec feeds, but no significant broader media coverage or notable researcher commentary has been observed beyond the initial disclosure.

Ressources additionnelles


SourceCe rapport a été généré à l’aide de l’IA

Apparenté Linux Debian Vulnérabilités:

Identifiant CVE

Sévérité

Score

Technologies

Nom du composant

Exploit CISA KEV

A corrigé

Date de publication

CVE-2026-14686LOW1.9
  • Linux Debian logoLinux Debian
  • hdrhistogram
NonNonJul 05, 2026
CVE-2026-14685LOW1.9
  • Linux Debian logoLinux Debian
  • hdrhistogram
NonNonJul 05, 2026
CVE-2026-14684LOW1.9
  • Linux Debian logoLinux Debian
  • hdrhistogram
NonNonJul 05, 2026
CVE-2026-14683LOW1.9
  • Linux Debian logoLinux Debian
  • hdrhistogram
NonNonJul 04, 2026
CVE-2026-14570NONEN/A
  • Linux Debian logoLinux Debian
  • libcrypt-dsa-perl
NonNonJul 05, 2026

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités