UBUNTU-CVE-2026-9641

Source
https://ubuntu.com/security/CVE-2026-9641
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-9641.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-9641
Upstream
  • CVE-2026-9641
Published
2026-06-12T16:16:00Z
Modified
2026-06-17T04:26:58Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000 iterations should be used.

References

Affected packages

Ubuntu:16.04:LTS
libcrypt-pbkdf2-perl

Package

Name
libcrypt-pbkdf2-perl
Purl
pkg:deb/ubuntu/libcrypt-pbkdf2-perl?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.150900-1
0.160410-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcrypt-pbkdf2-perl",
            "binary_version": "0.160410-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-9641.json"
Ubuntu:18.04:LTS
libcrypt-pbkdf2-perl

Package

Name
libcrypt-pbkdf2-perl
Purl
pkg:deb/ubuntu/libcrypt-pbkdf2-perl?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.161520-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcrypt-pbkdf2-perl",
            "binary_version": "0.161520-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-9641.json"
Ubuntu:20.04:LTS
libcrypt-pbkdf2-perl

Package

Name
libcrypt-pbkdf2-perl
Purl
pkg:deb/ubuntu/libcrypt-pbkdf2-perl?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.161520-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcrypt-pbkdf2-perl",
            "binary_version": "0.161520-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-9641.json"
Ubuntu:22.04:LTS
libcrypt-pbkdf2-perl

Package

Name
libcrypt-pbkdf2-perl
Purl
pkg:deb/ubuntu/libcrypt-pbkdf2-perl?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.161520-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcrypt-pbkdf2-perl",
            "binary_version": "0.161520-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-9641.json"
Ubuntu:24.04:LTS
libcrypt-pbkdf2-perl

Package

Name
libcrypt-pbkdf2-perl
Purl
pkg:deb/ubuntu/libcrypt-pbkdf2-perl?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.161520-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcrypt-pbkdf2-perl",
            "binary_version": "0.161520-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-9641.json"
Ubuntu:25.10
libcrypt-pbkdf2-perl

Package

Name
libcrypt-pbkdf2-perl
Purl
pkg:deb/ubuntu/libcrypt-pbkdf2-perl?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.161520-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcrypt-pbkdf2-perl",
            "binary_version": "0.161520-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-9641.json"
Ubuntu:26.04:LTS
libcrypt-pbkdf2-perl

Package

Name
libcrypt-pbkdf2-perl
Purl
pkg:deb/ubuntu/libcrypt-pbkdf2-perl?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.161520-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcrypt-pbkdf2-perl",
            "binary_version": "0.161520-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-9641.json"