Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by JONASBN

    CVE-2026-58102 (GCVE-0-2026-58102)

    Vulnerability from nvd – Published: 2026-07-13 22:22 – Updated: 2026-07-13 22:22
    VLAI
    Title
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts
    Summary
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()'s return value as the hash-key length; because that value is the OID's full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::X509 Affected: 0 , < 2.1.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-X509",
              "product": "Crypt::OpenSSL::X509",
              "programFiles": [
                "X509.xs"
              ],
              "programRoutines": [
                {
                  "name": "hv_exts"
                },
                {
                  "name": "Crypt::OpenSSL::X509::extensions"
                },
                {
                  "name": "Crypt::OpenSSL::X509::extensions_by_long_name"
                },
                {
                  "name": "Crypt::OpenSSL::X509::extensions_by_oid"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-x509",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThan": "2.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts.\n\nWhen building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()\u0027s return value as the hash-key length; because that value is the OID\u0027s full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T22:22:48.618Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-x509/commit/757289bfce095455c104d4adfe9312e7b339620f.patch"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-X509-2.1.3/source/Changes.md"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Crypt::OpenSSL::X509 2.1.3 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts",
          "workarounds": [
            {
              "lang": "en",
              "value": "Callers that must enumerate extensions of untrusted certificates can restrict enumeration to extensions_by_name(), which uses the static shortname path and does not trigger the over-read."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-58102",
        "datePublished": "2026-07-13T22:22:48.618Z",
        "dateReserved": "2026-06-29T06:35:04.718Z",
        "dateUpdated": "2026-07-13T22:22:48.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58101 (GCVE-0-2026-58101)

    Vulnerability from nvd – Published: 2026-07-13 22:17 – Updated: 2026-07-13 22:17
    VLAI
    Title
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference
    Summary
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds. A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.
    Severity
    No CVSS data available.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::X509 Affected: 0 , < 2.1.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-X509",
              "product": "Crypt::OpenSSL::X509",
              "programFiles": [
                "X509.xs"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::OpenSSL::X509::Extension::basicC"
                },
                {
                  "name": "Crypt::OpenSSL::X509::Extension::ia5string"
                },
                {
                  "name": "Crypt::OpenSSL::X509::Extension::auth_att"
                },
                {
                  "name": "Crypt::OpenSSL::X509::Extension::keyid_data"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-x509",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThan": "2.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference.\n\nX509V3_EXT_d2i(ext) returns NULL when an extension\u0027s DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid-\u003ekeyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds.\n\nA caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T22:17:48.375Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-x509/commit/4c1e2370556097c253ae27abe9e1097ea377fbd2.patch"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-X509-2.1.3/source/Changes.md"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Crypt::OpenSSL::X509 2.1.3 or later, which NULL-checks each X509V3_EXT_d2i result and the optional keyid field before dereferencing."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-58101",
        "datePublished": "2026-07-13T22:17:48.375Z",
        "dateReserved": "2026-06-29T06:35:04.717Z",
        "dateUpdated": "2026-07-13T22:17:48.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9265 (GCVE-0-2026-9265)

    Vulnerability from nvd – Published: 2026-06-20 00:46 – Updated: 2026-06-22 15:36
    VLAI
    Title
    Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path
    Summary
    Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::PKCS12 Affected: 0 , < 1.96 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:35:55.865999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:36:11.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-PKCS12",
              "product": "Crypt::OpenSSL::PKCS12",
              "programFiles": [
                "PKCS12.xs"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::OpenSSL::PKCS12::info"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::info_as_hash"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-pkcs12",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThan": "1.96",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path.\n\nprint_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-20T00:46:07.737Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.96/source/Changes.md"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/a7bd2f319fa8aab8177b3d767ea06dd85ceb3173.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.96 or apply the linked patch."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-9265",
        "datePublished": "2026-06-20T00:46:07.737Z",
        "dateReserved": "2026-05-22T01:38:26.750Z",
        "dateUpdated": "2026-06-22T15:36:11.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8721 (GCVE-0-2026-8721)

    Vulnerability from nvd – Published: 2026-05-17 18:51 – Updated: 2026-05-18 12:56
    VLAI
    Title
    Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs
    Summary
    Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code (or OpenSSL internally) calls strlen() on the buffer. Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-170 - Improper Null Termination
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::PKCS12 Affected: 0 , ≤ 1.94 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-17T21:18:34.820Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/17/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8721",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T12:56:25.907387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T12:56:41.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-PKCS12",
              "product": "Crypt::OpenSSL::PKCS12",
              "programFiles": [
                "PKCS12.xs"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::OpenSSL::PKCS12::mac_ok"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::changepass"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::create"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::create_as_string"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::certificate"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::ca_certificate"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::private_key"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::info_as_hash"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::info"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-pkcs12",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThanOrEqual": "1.94",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs.\n\nPassword parameters in PKCS12.xs are declared char *, which routes through Perl\u0027s default typemap to SvPV_nolen.  The Perl length is discarded.\n\nThe C code (or OpenSSL internally) calls strlen() on the buffer.  Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-170",
                  "description": "CWE-170 Improper Null Termination",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-17T18:51:41.420Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to 1.95 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-13T00:00:00.000Z",
              "value": "CPANSec identified issue"
            },
            {
              "lang": "en",
              "time": "2026-05-13T00:00:00.000Z",
              "value": "Author was notified"
            },
            {
              "lang": "en",
              "time": "2026-05-17T00:00:00.000Z",
              "value": "Maintainer released patch version"
            }
          ],
          "title": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8721",
        "datePublished": "2026-05-17T18:51:41.420Z",
        "dateReserved": "2026-05-16T01:07:36.063Z",
        "dateUpdated": "2026-05-18T12:56:41.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8507 (GCVE-0-2026-8507)

    Vulnerability from nvd – Published: 2026-05-17 18:43 – Updated: 2026-05-18 12:55
    VLAI
    Title
    Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws
    Summary
    Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::PKCS12 Affected: 0 , ≤ 1.94 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-17T21:18:33.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/17/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8507",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T12:54:57.804332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T12:55:51.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-PKCS12",
              "product": "Crypt::OpenSSL::PKCS12",
              "programFiles": [
                "PKCS12.xs"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::OpenSSL::PKCS12::info"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::info_as_hash"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-pkcs12",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThanOrEqual": "1.94",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.\n\nWhen parsing a PKCS12 file, with a \u003e= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew()."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-18T00:08:32.838Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/56"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to 1.95 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-13T00:00:00.000Z",
              "value": "Issue discovered"
            },
            {
              "lang": "en",
              "time": "2026-05-16T00:00:00.000Z",
              "value": "Maintainer notified"
            },
            {
              "lang": "en",
              "time": "2026-05-17T00:00:00.000Z",
              "value": "Public disclosure"
            },
            {
              "lang": "en",
              "time": "2026-05-17T00:00:00.000Z",
              "value": "Crypt-OpenSSL-PKCS12 1.95 released."
            }
          ],
          "title": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws",
          "workarounds": [
            {
              "lang": "en",
              "value": "Do not parse untrusted PKCS12 files via info or info_as_hash."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8507",
        "datePublished": "2026-05-17T18:43:05.863Z",
        "dateReserved": "2026-05-13T22:45:07.737Z",
        "dateUpdated": "2026-05-18T12:55:51.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58102 (GCVE-0-2026-58102)

    Vulnerability from cvelistv5 – Published: 2026-07-13 22:22 – Updated: 2026-07-13 22:22
    VLAI
    Title
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts
    Summary
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()'s return value as the hash-key length; because that value is the OID's full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::X509 Affected: 0 , < 2.1.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-X509",
              "product": "Crypt::OpenSSL::X509",
              "programFiles": [
                "X509.xs"
              ],
              "programRoutines": [
                {
                  "name": "hv_exts"
                },
                {
                  "name": "Crypt::OpenSSL::X509::extensions"
                },
                {
                  "name": "Crypt::OpenSSL::X509::extensions_by_long_name"
                },
                {
                  "name": "Crypt::OpenSSL::X509::extensions_by_oid"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-x509",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThan": "2.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts.\n\nWhen building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()\u0027s return value as the hash-key length; because that value is the OID\u0027s full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T22:22:48.618Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-x509/commit/757289bfce095455c104d4adfe9312e7b339620f.patch"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-X509-2.1.3/source/Changes.md"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Crypt::OpenSSL::X509 2.1.3 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts",
          "workarounds": [
            {
              "lang": "en",
              "value": "Callers that must enumerate extensions of untrusted certificates can restrict enumeration to extensions_by_name(), which uses the static shortname path and does not trigger the over-read."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-58102",
        "datePublished": "2026-07-13T22:22:48.618Z",
        "dateReserved": "2026-06-29T06:35:04.718Z",
        "dateUpdated": "2026-07-13T22:22:48.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58101 (GCVE-0-2026-58101)

    Vulnerability from cvelistv5 – Published: 2026-07-13 22:17 – Updated: 2026-07-13 22:17
    VLAI
    Title
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference
    Summary
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds. A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.
    Severity
    No CVSS data available.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::X509 Affected: 0 , < 2.1.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-X509",
              "product": "Crypt::OpenSSL::X509",
              "programFiles": [
                "X509.xs"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::OpenSSL::X509::Extension::basicC"
                },
                {
                  "name": "Crypt::OpenSSL::X509::Extension::ia5string"
                },
                {
                  "name": "Crypt::OpenSSL::X509::Extension::auth_att"
                },
                {
                  "name": "Crypt::OpenSSL::X509::Extension::keyid_data"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-x509",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThan": "2.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference.\n\nX509V3_EXT_d2i(ext) returns NULL when an extension\u0027s DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid-\u003ekeyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds.\n\nA caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T22:17:48.375Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-x509/commit/4c1e2370556097c253ae27abe9e1097ea377fbd2.patch"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-X509-2.1.3/source/Changes.md"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Crypt::OpenSSL::X509 2.1.3 or later, which NULL-checks each X509V3_EXT_d2i result and the optional keyid field before dereferencing."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-58101",
        "datePublished": "2026-07-13T22:17:48.375Z",
        "dateReserved": "2026-06-29T06:35:04.717Z",
        "dateUpdated": "2026-07-13T22:17:48.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9265 (GCVE-0-2026-9265)

    Vulnerability from cvelistv5 – Published: 2026-06-20 00:46 – Updated: 2026-06-22 15:36
    VLAI
    Title
    Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path
    Summary
    Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::PKCS12 Affected: 0 , < 1.96 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T15:35:55.865999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T15:36:11.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-PKCS12",
              "product": "Crypt::OpenSSL::PKCS12",
              "programFiles": [
                "PKCS12.xs"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::OpenSSL::PKCS12::info"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::info_as_hash"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-pkcs12",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThan": "1.96",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path.\n\nprint_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-20T00:46:07.737Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.96/source/Changes.md"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/a7bd2f319fa8aab8177b3d767ea06dd85ceb3173.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.96 or apply the linked patch."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-9265",
        "datePublished": "2026-06-20T00:46:07.737Z",
        "dateReserved": "2026-05-22T01:38:26.750Z",
        "dateUpdated": "2026-06-22T15:36:11.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8721 (GCVE-0-2026-8721)

    Vulnerability from cvelistv5 – Published: 2026-05-17 18:51 – Updated: 2026-05-18 12:56
    VLAI
    Title
    Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs
    Summary
    Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code (or OpenSSL internally) calls strlen() on the buffer. Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-170 - Improper Null Termination
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::PKCS12 Affected: 0 , ≤ 1.94 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-17T21:18:34.820Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/17/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8721",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T12:56:25.907387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T12:56:41.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-PKCS12",
              "product": "Crypt::OpenSSL::PKCS12",
              "programFiles": [
                "PKCS12.xs"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::OpenSSL::PKCS12::mac_ok"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::changepass"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::create"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::create_as_string"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::certificate"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::ca_certificate"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::private_key"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::info_as_hash"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::info"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-pkcs12",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThanOrEqual": "1.94",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs.\n\nPassword parameters in PKCS12.xs are declared char *, which routes through Perl\u0027s default typemap to SvPV_nolen.  The Perl length is discarded.\n\nThe C code (or OpenSSL internally) calls strlen() on the buffer.  Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-170",
                  "description": "CWE-170 Improper Null Termination",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-17T18:51:41.420Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to 1.95 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-13T00:00:00.000Z",
              "value": "CPANSec identified issue"
            },
            {
              "lang": "en",
              "time": "2026-05-13T00:00:00.000Z",
              "value": "Author was notified"
            },
            {
              "lang": "en",
              "time": "2026-05-17T00:00:00.000Z",
              "value": "Maintainer released patch version"
            }
          ],
          "title": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8721",
        "datePublished": "2026-05-17T18:51:41.420Z",
        "dateReserved": "2026-05-16T01:07:36.063Z",
        "dateUpdated": "2026-05-18T12:56:41.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8507 (GCVE-0-2026-8507)

    Vulnerability from cvelistv5 – Published: 2026-05-17 18:43 – Updated: 2026-05-18 12:55
    VLAI
    Title
    Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws
    Summary
    Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::PKCS12 Affected: 0 , ≤ 1.94 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-17T21:18:33.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/17/5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8507",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T12:54:57.804332Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T12:55:51.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-PKCS12",
              "product": "Crypt::OpenSSL::PKCS12",
              "programFiles": [
                "PKCS12.xs"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::OpenSSL::PKCS12::info"
                },
                {
                  "name": "Crypt::OpenSSL::PKCS12::info_as_hash"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-pkcs12",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThanOrEqual": "1.94",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.\n\nWhen parsing a PKCS12 file, with a \u003e= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew()."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-18T00:08:32.838Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/56"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to 1.95 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-13T00:00:00.000Z",
              "value": "Issue discovered"
            },
            {
              "lang": "en",
              "time": "2026-05-16T00:00:00.000Z",
              "value": "Maintainer notified"
            },
            {
              "lang": "en",
              "time": "2026-05-17T00:00:00.000Z",
              "value": "Public disclosure"
            },
            {
              "lang": "en",
              "time": "2026-05-17T00:00:00.000Z",
              "value": "Crypt-OpenSSL-PKCS12 1.95 released."
            }
          ],
          "title": "Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws",
          "workarounds": [
            {
              "lang": "en",
              "value": "Do not parse untrusted PKCS12 files via info or info_as_hash."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8507",
        "datePublished": "2026-05-17T18:43:05.863Z",
        "dateReserved": "2026-05-13T22:45:07.737Z",
        "dateUpdated": "2026-05-18T12:55:51.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }