Denial of Service Vulnerability in Crypt::OpenSSL::X509 for Perl
CVE-2026-58101
Currently unrated
What is CVE-2026-58101?
The Crypt::OpenSSL::X509 module for Perl contains a vulnerability that allows an attacker to cause a denial of service. When an extension's DER value fails to parse, certain functions fail to implement a NULL check, leading to a NULL pointer dereference. This oversight can result in a SIGSEGV error that crashes the Perl process. An untrusted certificate from which the module retrieves extensions can exploit this flaw, prompting a crash and loss of service. Users are urged to upgrade to version 2.1.3 or later to mitigate this issue.
Affected Version(s)
Crypt::OpenSSL::X509 0 < 2.1.3
