top of page
perceptive_background_267k.jpg

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt.

Net::Dropbear versions before 0.14 includes versions of Dropbear 2019…

Published:

20 April 2026 at 22:00:00

Alert date:

21 April 2026 at 18:10:28

Source:

nvd.nist.gov

Click to open the original link from this advisory

Supply Chain & Dependencies, Network Infrastructure

Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. The affected versions include Dropbear 2019.78 or earlier with libtomcrypt v1.18.1 or earlier. This vulnerability is related to two existing CVEs: CVE-2016-6129 and CVE-2018-12437. Users should upgrade to Net::Dropbear version 0.14 or later to address this security issue. The vulnerability affects the cryptographic library used by the Dropbear SSH implementation in Perl.

Technical details

Mitigation steps:

Affected products:

Net::Dropbear
Dropbear
libtomcrypt

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-15638
https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/source/dropbear/libtomcrypt/changes
https://www.cve.org/CVERecord?id=CVE-2016-6129
https://www.cve.org/CVERecord?id=CVE-2018-12437

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page