Skip to main content

Crypt::OpenSSL::X509 CVE-2026-58102

CRITICAL
Out-of-bounds Read (CWE-125)
2026-07-13 CPANSec
9.1
CVSS 3.1 · Vendor: CPANSec
Share

Severity by source

Vendor (CPANSec) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
vuln.today AI
8.2 HIGH

A single crafted certificate parsed by the app triggers it (AV:N/AC:L/PR:N/UI:N); heap disclosure justifies C:H, while an over-read only sometimes crashes, so A:L not A:H and no integrity impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (CPANSec).

CVSS VectorVendor: CPANSec

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Source Code Evidence Fetched
Jul 14, 2026 - 15:31 vuln.today
Analysis Generated
Jul 14, 2026 - 15:31 vuln.today
CVSS changed
Jul 14, 2026 - 13:22 NVD
9.1 (CRITICAL)
CVE Published
Jul 13, 2026 - 22:22 cve.org
CRITICAL 9.1
CVE Published
Jul 13, 2026 - 22:22 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts.

When building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()'s return value as the hash-key length; because that value is the OID's full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected.

AnalysisAI

Heap out-of-bounds read in the Crypt::OpenSSL::X509 Perl module (versions before 2.1.3) lets a crafted X.509 certificate leak adjacent heap memory to an application that enumerates certificate extensions. When code calls extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid(), a certificate extension whose textual OID exceeds the fixed 129-byte buffer causes the returned hash key to include bytes read past the allocation, exposing process memory and risking a crash. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Craft X.509 cert with oversized extension OID
Delivery
Deliver cert to Perl app parsing it
Exploit
App calls extensions()/has_extension_oid() building hv_exts
Install
OBJ_obj2txt length used as hash-key size
C2
Read past 129-byte buffer allocation
Execute
Adjacent heap bytes returned as hash key
Impact
Memory disclosed or parser crash

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target Perl application parse an attacker-supplied X.509 certificate AND invoke one of the OID/long-name extension-enumeration functions on it - specifically extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid() - since these drive the vulnerable hv_exts() long-OID path. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The raw CVSS 3.1 score is 9.1 (AV:N/AC:L/PR:N/UI:N/C:H/I:N/A:H), which looks critical, but the multi-source signals temper that: CISA SSVC rates Exploitation as 'none', Automatable 'yes', and Technical Impact only 'partial' - consistent with an information-disclosure/crash bug rather than code execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts an X.509 certificate containing an extension whose OID renders to a textual form longer than 129 bytes and presents it to a Perl service (for example a TLS client-cert validator, S/MIME processor, or certificate-inspection tool) that enumerates extensions via extensions() or has_extension_oid(). When the module builds the extension hash, OBJ_obj2txt()'s length is used as the hash-key length, reading past the buffer and returning adjacent heap bytes as the key - which the application may log, store, or return, disclosing process memory or crashing the parser. …
Remediation Vendor-released patch: upgrade to Crypt::OpenSSL::X509 version 2.1.3 or later, which sizes the key buffer to the length reported by OBJ_obj2txt() and stores strlen() of the written key instead of the return value (fix commit https://github.com/dsully/perl-crypt-openssl-x509/commit/757289bfce095455c104d4adfe9312e7b339620f.patch; release notes at https://metacpan.org/release/JONASBN/Crypt-OpenSSL-X509-2.1.3/source/Changes.md). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all systems and applications using Crypt::OpenSSL::X509 and determine which handle untrusted certificates or are network-accessible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2014-0160 HIGH POC
7.5 Apr 07

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe

CVE-2014-0195 MEDIUM POC
6.8 Jun 05

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2016-0800 MEDIUM POC
5.9 Mar 01

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

CVE-2015-0204 MEDIUM POC
4.3 Jan 09

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k

CVE-2014-3566 LOW POC
3.4 Oct 15

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-1793 MEDIUM POC
6.5 Jul 09

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly

CVE-2022-3602 HIGH
7.5 Nov 01

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig

CVE-2014-3470 MEDIUM
4.3 Jun 05

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

CVE-2017-3730 HIGH POC
7.5 May 04

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

Share

CVE-2026-58102 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy