CVE-2026-41565 - Vulnerability Details

Description

CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers.

The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length. A longer tag overwrites the stack past the buffer. Version 0.088 added the clamp to gcm_decrypt_verify, and 0.088_001 added it to the other three.

Any caller of an affected helper that forwards an attacker-controlled tag longer than the buffer can trigger the overflow.

Published: 2026-05-28

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

CryptX components before version 0.088_001 for Perl contain a stack buffer overflow in four AEAD decrypt_verify helper routines. The routines copy an authentication tag supplied by the caller into a 144‑byte stack buffer without validating the tag’s length, allowing an attacker who can supply a longer tag to overwrite adjacent stack data. This overflow can lead to corruption of the stack frame and potentially arbitrary code execution within the process, compromising confidentiality, integrity, and availability of the affected application.

Affected Systems

The vulnerability exists in all CryptX releases prior to 0.088_001, distributed by MIK under the CryptX product line for Perl. Users of the affected Perl bindings—whether through CPAN or other distribution channels—are impacted unless they have upgraded to the fixed version.

Risk and Exploitability

The CVSS score is not provided, and EPSS data is unavailable, but the presence of a stack-based buffer overflow classifies the risk as high. The exploitation requires an attacker to supply a crafted authentication tag; thus the vulnerability is exploitable in any context where the decryption helpers are invoked with attacker-controlled input. No entry in the CISA KEV list further indicates that widespread exploitation is not yet documented, yet the absence of mitigation makes it prudent to consider the risk significant.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

MIK

CryptX

unaffected

Version	Status	Constraints
`0`	affected	< 0.088_001

No data.

Vendor Product Confidence Versions

Mik

Cryptx

100%

Version	Status	Scheme	Platform
`[0,0.088_001)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

Upgrade to CryptX 0.088_001 or later.

OpenCVE Recommended Actions

Apply the vendor’s official fix by upgrading CryptX to version 0.088_001 or later.
If an immediate upgrade cannot be deployed, replace calls to the vulnerable helper routines with wrappers that enforce a maximum tag length of 144 bytes before copying the tag onto the stack.
Audit the codebase to ensure no paths can supply an authentication tag longer than the expected maximum; remove or refactor any usage of the vulnerable functions that cannot be protected by length checks.

Generated by OpenCVE AI on May 28, 2026 at 16:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/DCIT/perl-CryptX/commit/57e69e541b0718ca8724c2f61514322a2d859bc1.patch
https://github.com/DCIT/perl-CryptX/commit/7e56347d420aaf43b2ee1586f4a230492ccf1642.patch
https://metacpan.org/release/MIK/CryptX-0.088_001

History

Thu, 28 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mik Mik cryptx
Vendors & Products		Mik Mik cryptx

Thu, 28 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers. The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length. A longer tag overwrites the stack past the buffer. Version 0.088 added the clamp to gcm_decrypt_verify, and 0.088_001 added it to the other three. Any caller of an affected helper that forwards an attacker-controlled tag longer than the buffer can trigger the overflow.
Title		CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers
Weaknesses		CWE-121
References		https://github.com/DCIT/perl-CryptX/commit/57e69e541b0718ca8724c2f61514322a2d859bc1.patch https://github.com/DCIT/perl-CryptX/commit/7e56347d420aaf43b2ee1586f4a230492ccf1642.patch https://metacpan.org/release/MIK/CryptX-0.088_001

Subscriptions

Mik Cryptx

MITRE

Status: PUBLISHED

Assigner: CPANSec

Published: 2026-05-28T14:13:19.301Z

Updated: 2026-05-28T14:13:19.301Z

Reserved: 2026-04-21T12:45:20.133Z

Link: CVE-2026-41565

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-28T16:16:22.343

Modified: 2026-05-28T16:16:22.343

Link: CVE-2026-41565

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T16:45:20Z

Weaknesses

CWE-121

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object