Description
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.

When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
Published: 2026-05-17
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap out-of-bounds write exists in Crypt::OpenSSL::PKCS12 for Perl, versions through 1.94, when a PKCS12 file contains a SAFEBAG with an OCTET STRING or BIT STRING attribute of 1 GiB or larger. Calling the info() or info_as_hash() methods on such a file triggers a signed integer overflow in the size calculation passed to Renew(), so the buffer is not sized for the data that is then written into it; the result is heap corruption driven by attacker-controlled input, with potential for remote code execution (RCE). The weakness is classified as CWE-787 (out-of-bounds write).
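As an added illustration, not code from Crypt::OpenSSL::PKCS12 or its author, the C model below shows the bug class the description names: a size computed in int from a length of 1 GiB or more wraps negative, the "needs growing" check passes, and the copy that follows writes past the heap block. The hex-dump size formula 2*len + 1, the intbuf struct and all function names are assumptions made for this illustration; the project's actual formula is not on this page. The hardened form does the arithmetic in size_t with an explicit overflow check and refuses lengths at or above a policy cap before any allocation happens.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative model of the bug class, not the code of Crypt::OpenSSL::PKCS12:
 * a growable output buffer whose bookkeeping is done in int. OpenSSL's
 * ASN1_STRING_length() returns int, so attribute lengths arrive as int. */
typedef struct {
    char *buf;
    int   used;
    int   cap;
} intbuf;

/* Vulnerable pattern (assumed formula: a hex dump of len bytes needs
 * 2*len + 1 bytes). Computed in int, the size exceeds INT_MAX once
 * len >= 2^30 (1 GiB) and wraps negative, the "needs growing" test fails,
 * no reallocation happens, and the copy that follows writes past the end
 * of the heap block. Returns 1 when that out-of-bounds write would occur.
 * The wrap is done in unsigned and cast back so this demonstration is
 * reproducible rather than undefined behaviour. */
int vuln_would_write_oob(int used, int cap, int len)
{
    int needed = (int)((unsigned)used + 2u * (unsigned)len + 1u);
    int grows = needed > cap;                          /* false after the wrap */
    size_t true_need = (size_t)used + 2 * (size_t)len + 1;
    return !grows && true_need > (size_t)cap;
}

/* Hardened form: size_t arithmetic with an explicit overflow check, plus a
 * policy cap so a hostile length is refused before any allocation.
 * Returns the bytes required, or 0 to refuse. */
size_t checked_append_size(size_t used, size_t len, size_t max_len)
{
    if (len >= max_len) return 0;                      /* policy: attribute too large */
    if (len > (SIZE_MAX - 1 - used) / 2) return 0;     /* 2*len + 1 would overflow */
    return used + 2 * len + 1;
}

/* Append a hex dump of in[0..len) using the checked size. The realloc()
 * here stands in for Perl's Renew(). Returns 0 and leaves b unchanged on refusal. */
int hex_append(intbuf *b, const unsigned char *in, size_t len, size_t max_len)
{
    static const char digits[] = "0123456789ABCDEF";
    size_t needed = checked_append_size((size_t)b->used, len, max_len);
    if (needed == 0 || needed > (size_t)INT_MAX) return 0;
    if (needed > (size_t)b->cap) {
        char *nb = realloc(b->buf, needed);
        if (nb == NULL) return 0;
        b->buf = nb;
        b->cap = (int)needed;
    }
    for (size_t i = 0; i < len; i++) {
        b->buf[b->used + 2 * i]     = digits[in[i] >> 4];
        b->buf[b->used + 2 * i + 1] = digits[in[i] & 0x0f];
    }
    b->used += (int)(2 * len);
    b->buf[b->used] = '\0';
    return 1;
}

/* Self-check: two appends of a constructed 4-byte sample, then a refusal. */
int demo_roundtrip(void)
{
    static const unsigned char sample[] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed input */
    intbuf b = { NULL, 0, 0 };
    int ok = hex_append(&b, sample, sizeof sample, (size_t)1 << 30)
          && b.used == 8 && strcmp(b.buf, "DEADBEEF") == 0
          && hex_append(&b, sample, sizeof sample, (size_t)1 << 30)
          && strcmp(b.buf, "DEADBEEFDEADBEEF") == 0
          && !hex_append(&b, sample, sizeof sample, 3); /* 4 >= 3: refused */
    free(b.buf);
    return ok;
}

int main(void)
{
    int one_gib = 1 << 30;
    printf("len = 1 GiB: vulnerable model writes OOB = %d, hardened accepts = %d\n",
           vuln_would_write_oob(0, 4096, one_gib),
           checked_append_size(0, (size_t)one_gib, (size_t)1 << 30) != 0);
    printf("self-check = %d\n", demo_roundtrip());
    return 0;
}
```

The point of the model is the comparison, not the allocation: a wrapped size never reaches the allocator, so the old block is reused and overrun. Any fix therefore has to reject or widen the length before the size is computed, which is what checked_append_size does; the 1 GiB threshold in the advisory is exactly where 2*len + 1 crosses INT_MAX.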

Affected Systems

The vulnerable product is Crypt::OpenSSL::PKCS12, published on CPAN by JONASBN. All releases up to and including 1.94 are affected; release 1.95 and later contain the fix.

Risk and Exploitability

The vulnerability carries high risk because a crafted file can corrupt heap memory and potentially lead to arbitrary code execution. The CVSS 3.1 score of 9.8 (vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates critical severity; it assumes the parser is reachable over the network with no privileges or user interaction, which holds for any service that accepts PKCS12 uploads (client certificates, key bundles) and inspects them with info() or info_as_hash(). The EPSS score of 0.00008 (0.008%) indicates a very low but nonzero exploitation probability, and the flaw is not listed in the CISA KEV catalog. Exploitation requires an attacker to deliver a PKCS12 file carrying an attribute of at least 1 GiB, so the file itself is at least that large; request or upload size limits in front of the parser reduce exposure but are not a substitute for the fix.

Generated by OpenCVE AI on May 18, 2026 at 15:35 UTC.

Remediation

Vendor Solution

Upgrade to 1.95 or later.


Vendor Workaround

Do not parse untrusted PKCS12 files via info or info_as_hash.


OpenCVE Recommended Actions

  • Upgrade to Crypt::OpenSSL::PKCS12 1.95 or later.
  • Do not pass untrusted PKCS12 files to info() or info_as_hash(). If upgrading is delayed, gate on size before parsing: an attribute cannot be larger than the file that carries it, so rejecting files of 1 GiB or larger blocks the trigger, and a stricter limit on any OCTET STRING or BIT STRING element is sensible defence in depth.
  • Run the code that parses PKCS12 input with least privilege (a separate, sandboxed worker where practical), and audit applications for use of the module and for the installed version.
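An added example, not the project's own code, implementing the pre-parse gate from the list above in C: a file-size check, which on its own blocks the 1 GiB trigger because an attribute cannot be larger than the file that carries it, and a DER header walker that refuses any OCTET STRING or BIT STRING whose declared length reaches a limit, reading only the tag/length headers and never the string bodies. The byte strings are constructed for the demonstration and are not real PKCS12 files; the function names are the example's own. The walker only sees strings inside unencrypted SafeContents, but an encrypted SafeContents is itself carried in an OCTET STRING, so an oversized ciphertext blob is limited the same way.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>

#define ONE_GIB ((size_t)1 << 30)
#define DER_BIT_STRING   0x03
#define DER_OCTET_STRING 0x04

/* Constructed samples for the demonstration; none is a real PKCS12 file. */
static const unsigned char sample_small[]     = { 0x30, 0x05, 0x04, 0x03, 'a', 'b', 'c' };         /* SEQUENCE { OCTET STRING "abc" } */
static const unsigned char sample_nested[]    = { 0x30, 0x06, 0x30, 0x04, 0x03, 0x02, 0x00, 0xff }; /* SEQUENCE { SEQUENCE { BIT STRING } } */
static const unsigned char sample_truncated[] = { 0x30, 0x05, 0x04, 0x03, 'a' };                   /* declared length runs past the data */
static const unsigned char sample_huge[]      = { 0x04, 0x84, 0x40, 0x00, 0x00, 0x00 };             /* OCTET STRING header declaring 1 GiB */

/* Decode one DER identifier + length. Returns the header size, or 0 for
 * anything outside definite-length, single-byte-tag DER (indefinite length,
 * high tag numbers, a length wider than size_t, or a truncated header). */
size_t der_header(const unsigned char *p, size_t n, unsigned *tag, size_t *len)
{
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return 0;
    *tag = p[0];
    if (p[1] < 0x80) { *len = p[1]; return 2; }
    unsigned nbytes = p[1] & 0x7f;
    if (nbytes == 0 || nbytes > sizeof(size_t) || n < 2 + (size_t)nbytes) return 0;
    size_t v = 0;
    for (unsigned i = 0; i < nbytes; i++) v = (v << 8) | p[2 + i];
    *len = v;
    return 2 + nbytes;
}

/* Walk a DER buffer, descending into constructed elements, and refuse any
 * OCTET STRING or BIT STRING whose declared length is >= limit. Only headers
 * are read, so the cost does not depend on string sizes. Returns 1 if clean,
 * 0 if over the limit or malformed/truncated (a parser should reject both). */
int der_strings_within_limit(const unsigned char *p, size_t n, size_t limit)
{
    size_t off = 0;
    while (off < n) {
        unsigned tag;
        size_t len;
        size_t hdr = der_header(p + off, n - off, &tag, &len);
        if (hdr == 0) return 0;
        int universal   = (tag & 0xc0) == 0;
        int constructed = (tag & 0x20) != 0;
        unsigned number = tag & 0x1f;
        if (universal && !constructed &&
            (number == DER_OCTET_STRING || number == DER_BIT_STRING) && len >= limit)
            return 0;                                  /* the gate */
        if (len > n - off - hdr) return 0;             /* truncated */
        if (constructed && !der_strings_within_limit(p + off + hdr, len, limit))
            return 0;
        off += hdr + len;
    }
    return 1;
}

/* Coarse gate: refuse to open the file at all once it reaches the limit. An
 * attribute cannot exceed the file that carries it, so this alone blocks the
 * >= 1 GiB trigger. Returns 0 on stat() failure as well. */
int file_size_ok(const char *path, size_t limit)
{
    struct stat st;
    if (stat(path, &st) != 0) return 0;
    return st.st_size >= 0 && (uintmax_t)st.st_size < (uintmax_t)limit;
}

int main(void)
{
    printf("small:     %s\n", der_strings_within_limit(sample_small, sizeof sample_small, ONE_GIB) ? "ok" : "rejected");
    printf("nested:    %s\n", der_strings_within_limit(sample_nested, sizeof sample_nested, ONE_GIB) ? "ok" : "rejected");
    printf("truncated: %s\n", der_strings_within_limit(sample_truncated, sizeof sample_truncated, ONE_GIB) ? "ok" : "rejected");
    printf("huge:      %s\n", der_strings_within_limit(sample_huge, sizeof sample_huge, ONE_GIB) ? "ok" : "rejected");
    return 0;
}
```

In Perl the coarse gate is a one-liner, `-s $path < 2**30`, applied before the file is handed to the module; the header walker is for deployments that want a far lower per-string ceiling (a few MiB is generous for any legitimate SafeBag attribute) and that can afford a pass over the outer DER structure.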

Generated by OpenCVE AI on May 18, 2026 at 15:35 UTC.


Advisories

No advisories yet.

History

Mon, 18 May 2026 13:30:00 +0000

  • Metrics (added): cvssV3_1 score 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Metrics (added): ssvc version 2.0.3, options Automatable: yes, Exploitation: none, Technical Impact: total


Mon, 18 May 2026 11:15:00 +0000

  • First Time appeared (added): Jonasbn; Jonasbn crypt::openssl::pkcs12
  • Vendors & Products (added): Jonasbn; Jonasbn crypt::openssl::pkcs12

Mon, 18 May 2026 00:15:00 +0000

  • Description (removed): Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap-OOB-WRITE would be triggered which could have Remote Code Execution (RCE) potential.
  • Description (added): Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
  • Title (removed): Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws
  • Title (added): Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws

Sun, 17 May 2026 22:30:00 +0000

  • References: updated

Sun, 17 May 2026 19:00:00 +0000

  • Description (added): Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap-OOB-WRITE would be triggered which could have Remote Code Execution (RCE) potential.
  • Title (added): Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws
  • Weaknesses (added): CWE-787
  • References: added

MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-05-18T12:55:51.157Z

Reserved: 2026-05-13T22:45:07.737Z

Link: CVE-2026-8507

Vulnrichment

Updated: 2026-05-18T12:55:46.046Z

NVD

Status : Deferred

Published: 2026-05-17T19:16:24.590

Modified: 2026-05-18T17:40:45.343

Link: CVE-2026-8507

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T15:45:26Z

Weaknesses