CVE-2026-58101
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds. A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.
| CWE | CWE-476 |
| Vendor | jonasbn |
| Product | crypt::openssl::x509 |
| Published | Jul 13, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for jonasbn crypt::openssl::x509
Be the first to know when new high vulnerabilities affecting jonasbn crypt::openssl::x509 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
JONASBN / Crypt::OpenSSL::X509
0 < 2.1.3