Heap Out-of-Bounds Read Vulnerability in Crypt::OpenSSL::X509 for Perl
CVE-2026-58102
What is CVE-2026-58102?
The Crypt::OpenSSL::X509 library for Perl presents a security concern where versions prior to 2.1.3 are susceptible to heap out-of-bounds reads. This vulnerability arises during the handling of certificate extension OIDs, wherein a lengthy OID can result in reading beyond allocated memory boundaries. Specifically, when creating the extension hash through available functions like extensions() and has_extension_oid(), the library incorrectly calculates the key length based on the full text length of the OID, rather than the bytes that can be safely stored in a fixed-size buffer. This flaw can potentially expose adjacent heap memory. The extensions_by_name function remains unaffected as it utilizes a static shortname path.
Affected Version(s)
Crypt::OpenSSL::X509 0 < 2.1.3
