Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
{ "binaries": [ { "binary_name": "libcrypt-pbkdf2-perl", "binary_version": "0.160410-1" } ] }
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-9638.json"
{ "binaries": [ { "binary_name": "libcrypt-pbkdf2-perl", "binary_version": "0.161520-1" } ] }
{ "binaries": [ { "binary_name": "libcrypt-pbkdf2-perl", "binary_version": "0.161520-2" } ] }