Crypt::NaCl::Sodium Integer Overflow Vulnerability in Perl

A vulnerability allowing for integer overflow has been identified in the Crypt::NaCl::Sodium Perl module, specifically in versions through 2.002. The issue arises in the bin2hex, encrypt, aes256gcm_encrypt_afternm, and seal functions, which fail to validate that the output size will remain below the maximum size limit. This oversight could result in an integer wraparound, leading to an inadequately sized output buffer. While exploitation of this vulnerability is unlikely due to the need for a very large message length, it still poses a potential risk.

Impact

Exploitation of this vulnerability could cause an integer overflow, resulting in an output buffer that is smaller than expected. This could lead to buffer-related issues, such as memory corruption or other vulnerabilities commonly associated with improper buffer management.

Reproduction

The vulnerability can be reproduced by using the affected functions with input lengths that exceed the thresholds for causing an integer overflow. For example, in the bin2hex function, an input length greater than half of the maximum size can trigger the overflow. Similarly, the encrypt and aes256gcm_encrypt_afternm functions can be exploited by providing a message length that exceeds the maximum size limit minus 16 bytes. The seal function has a similar vulnerability when the encrypted length exceeds the maximum size limit minus 64 bytes.

Remediation

Users can upgrade to Crypt::NaCl::Sodium version 2.003 or later, where this vulnerability has been fixed.