CVE-2026-9265

UNKNOWN 0.0

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.

CWE	CWE-125
Vendor	jonasbn
Product	crypt::openssl::pkcs12
Published	Jun 20, 2026

Stay Ahead of the Next One

Get instant alerts for jonasbn crypt::openssl::pkcs12

Be the first to know when new unknown vulnerabilities affecting jonasbn crypt::openssl::pkcs12 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

JONASBN / Crypt::OpenSSL::PKCS12

0 < 1.96

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55 metacpan.org: https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.96/source/Changes.md github.com: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/a7bd2f319fa8aab8177b3d767ea06dd85ceb3173.patch