CVE-2026-8507
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
| CWE | CWE-787 |
| Vendor | jonasbn |
| Product | crypt::openssl::pkcs12 |
| Published | May 17, 2026 |
| Last Updated | May 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for jonasbn crypt::openssl::pkcs12
Be the first to know when new critical vulnerabilities affecting jonasbn crypt::openssl::pkcs12 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
JONASBN / Crypt::OpenSSL::PKCS12
0 โค 1.94
References
metacpan.org: https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md github.com: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55 github.com: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/56 github.com: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397.patch openwall.com: http://www.openwall.com/lists/oss-security/2026/05/17/5