CVE Catalog

CVE-2026-8507

Critical
Published: Translated: NVD NIST

Summary

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file with a >= 1 GiB OCTET STRING (or BIT STRING) attribute, a heap out-of-bounds write could be triggered, leading to remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().

Risk Assessment

Organizations may be exposed to remote code execution, which can lead to serious security breaches and data loss. Exploitation of this vulnerability could allow attackers to gain control over the system.

Recommendation

It is recommended to upgrade to the latest version of Crypt::OpenSSL::PKCS12 to mitigate this vulnerability. Additionally, systems should be monitored for unauthorized activities and a security audit should be conducted.

Original NVD description (English source)

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS