Crypt::OpenSSL::X509 CVE-2026-58102
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
A single crafted certificate parsed by the app triggers it (AV:N/AC:L/PR:N/UI:N); heap disclosure justifies C:H, while an over-read only sometimes crashes, so A:L not A:H and no integrity impact.
Primary rating from Vendor (CPANSec).
CVSS VectorVendor: CPANSec
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts.
When building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()'s return value as the hash-key length; because that value is the OID's full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected.
Articles & Coverage 1
AnalysisAI
Heap out-of-bounds read in the Crypt::OpenSSL::X509 Perl module (versions before 2.1.3) lets a crafted X.509 certificate leak adjacent heap memory to an application that enumerates certificate extensions. When code calls extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid(), a certificate extension whose textual OID exceeds the fixed 129-byte buffer causes the returned hash key to include bytes read past the allocation, exposing process memory and risking a crash. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target Perl application parse an attacker-supplied X.509 certificate AND invoke one of the OID/long-name extension-enumeration functions on it - specifically extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid() - since these drive the vulnerable hv_exts() long-OID path. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The raw CVSS 3.1 score is 9.1 (AV:N/AC:L/PR:N/UI:N/C:H/I:N/A:H), which looks critical, but the multi-source signals temper that: CISA SSVC rates Exploitation as 'none', Automatable 'yes', and Technical Impact only 'partial' - consistent with an information-disclosure/crash bug rather than code execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts an X.509 certificate containing an extension whose OID renders to a textual form longer than 129 bytes and presents it to a Perl service (for example a TLS client-cert validator, S/MIME processor, or certificate-inspection tool) that enumerates extensions via extensions() or has_extension_oid(). When the module builds the extension hash, OBJ_obj2txt()'s length is used as the hash-key length, reading past the buffer and returning adjacent heap bytes as the key - which the application may log, store, or return, disclosing process memory or crashing the parser. … |
| Remediation | Vendor-released patch: upgrade to Crypt::OpenSSL::X509 version 2.1.3 or later, which sizes the key buffer to the length reported by OBJ_obj2txt() and stores strlen() of the written key instead of the return value (fix commit https://github.com/dsully/perl-crypt-openssl-x509/commit/757289bfce095455c104d4adfe9312e7b339620f.patch; release notes at https://metacpan.org/release/JONASBN/Crypt-OpenSSL-X509-2.1.3/source/Changes.md). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all systems and applications using Crypt::OpenSSL::X509 and determine which handle untrusted certificates or are network-accessible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today