Denial of Service Vulnerability in Crypt::OpenSSL::X509 for Perl
CVE-2026-58101

Currently unrated

Key Information:

Vendor

Jonasbn

Vendor
CVE Published:
13 July 2026

What is CVE-2026-58101?

The Crypt::OpenSSL::X509 module for Perl contains a vulnerability that allows an attacker to cause a denial of service. When an extension's DER value fails to parse, certain functions fail to implement a NULL check, leading to a NULL pointer dereference. This oversight can result in a SIGSEGV error that crashes the Perl process. An untrusted certificate from which the module retrieves extensions can exploit this flaw, prompting a crash and loss of service. Users are urged to upgrade to version 2.1.3 or later to mitigate this issue.

Affected Version(s)

Crypt::OpenSSL::X509 0 < 2.1.3

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.