Crypt::OpenSSL::X509 CVE-2026-58101
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Malformed cert delivered remotely with low complexity and no auth/UI; crash-only so C:N/I:N and A:H, though impact is a single-process SIGSEGV and reachability is application-dependent.
Primary rating from Vendor (CPANSec).
CVSS VectorVendor: CPANSec
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference.
X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds.
A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.
AnalysisAI
Denial of service in the Crypt::OpenSSL::X509 Perl module before 2.1.3 lets a malformed X.509 certificate crash any Perl process that parses it. Four helper functions (basicC, ia5string, auth_att, keyid_data) dereference NULL pointers returned by OpenSSL's X509V3_EXT_d2i() on unparseable extensions - and keyid_data/auth_att additionally deref an akid->keyid field that is legitimately NULL for an empty Authority Key Identifier (DER 30 00). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) the target Perl application to invoke one of the affected accessors - basicC (basicConstraints), ia5string, auth_att, or keyid_data (authority/subject key identifier) - on (2) an attacker-supplied, untrusted X.509 certificate. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are internally consistent for a network-reachable availability bug: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H = 7.5, with C:N/I:N confirming this is crash-only with no data exposure or code execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker submits an X.509 certificate containing a malformed basicConstraints or authorityKeyIdentifier extension (or an empty AKI SEQUENCE, DER 30 00) to a Perl service that inspects certificates using Crypt::OpenSSL::X509 - for example a TLS client-certificate handler or a certificate-analysis API. When the service calls an affected helper on the crafted extension, X509V3_EXT_d2i returns NULL (or keyid is NULL) and the unchecked dereference triggers a SIGSEGV, killing the process and denying service. … |
| Remediation | Vendor-released patch: upgrade Crypt::OpenSSL::X509 to 2.1.3 or later (the fix commit is https://github.com/dsully/perl-crypt-openssl-x509/commit/4c1e2370556097c253ae27abe9e1097ea377fbd2, released as CPAN 2.1.3). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, audit your infrastructure to identify all Perl applications and services using Crypt::OpenSSL::X509 module and determine current versions in production. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today