Out-of-Bounds Write Vulnerability in Crypt::OpenSSL::PKCS12 for Perl
CVE-2026-8507

9.8CRITICAL

Key Information:

Vendor

Jonasbn

Status
Crypt::OpenSSL::pkcs12
Vendor
CVE Published:
17 May 2026

What is CVE-2026-8507?

The Crypt::OpenSSL::PKCS12 library for Perl has a vulnerability that allows an out-of-bounds write when processing a PKCS12 file with large OCTET STRING or BIT STRING attributes. This flaw occurs via the info() or info_as_hash() functions, where a maliciously crafted file could lead to heap corruption. Exploiting this vulnerability could potentially enable remote code execution, posing significant security risks for systems utilizing this library.

Affected Version(s)

Crypt::OpenSSL::PKCS12 0 <= 1.94

References

https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12...
release-notes
https://github.com/dsully/perl-crypt-openssl-pkcs12/issue...
issue-tracking
https://github.com/dsully/perl-crypt-openssl-pkcs12/issue...
issue-tracking

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.