๐Ÿ” CVE Alert

CVE-2026-58101

HIGH 7.5

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds. A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.

CWE CWE-476
Vendor jonasbn
Product crypt::openssl::x509
Published Jul 13, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for jonasbn crypt::openssl::x509

Be the first to know when new high vulnerabilities affecting jonasbn crypt::openssl::x509 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

JONASBN / Crypt::OpenSSL::X509
0 < 2.1.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/dsully/perl-crypt-openssl-x509/commit/4c1e2370556097c253ae27abe9e1097ea377fbd2.patch metacpan.org: https://metacpan.org/release/JONASBN/Crypt-OpenSSL-X509-2.1.3/source/Changes.md