Skip to main content

Crypt::OpenSSL::PKCS12 CVE-2026-8507

| EUVDEUVD-2026-30708 CRITICAL
Out-of-bounds Write (CWE-787)
2026-05-17 9b29abf9-4ab0-4765-b253-1875cd9b441e GHSA-3qmj-qw66-fwx8
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Source Code Evidence Fetched
May 18, 2026 - 13:22 vuln.today
Analysis Generated
May 18, 2026 - 13:22 vuln.today
CVSS changed
May 18, 2026 - 13:22 NVD
9.8 (CRITICAL)
CVE Published
May 17, 2026 - 19:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws.

When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap-OOB-WRITE would be triggered which could have Remote Code Execution (RCE) potential.

AnalysisAI

Heap out-of-bounds write in the Crypt::OpenSSL::PKCS12 Perl module (versions up to and including 1.94) allows attackers who can supply a malicious PKCS12 file processed via info() or info_as_hash() to corrupt heap memory and potentially achieve remote code execution. The flaw stems from an integer overflow when an OCTET STRING or BIT STRING attribute on a SAFEBAG is >= 1 GiB in size, causing an undersized allocation followed by an OOB write. No public exploit identified at time of analysis, but the upstream patch and oss-security disclosure are public.

Technical ContextAI

Crypt::OpenSSL::PKCS12 is a Perl XS binding around OpenSSL's PKCS#12 parsing routines, used to read keystore-style files containing certificates, private keys, and metadata attributes attached to SAFEBAG structures. The flaw is a classic CWE-787 (Out-of-bounds Write) caused by an unchecked integer multiplication in PKCS12.xs::print_attribute(): the code performed Renew(*attribute, av->value.octet_string->length * 4, char) (and the analogous BIT STRING branch) where length is a signed int. When length is >= ~1 GiB, the multiplication by 4 overflows INT_MAX, the allocator receives a wrapped/small size, and subsequent copies of the original (huge) string overflow the heap buffer. The fix in commit b9d04 (released as 1.95) adds explicit bounds checks against INT_MAX/4 and croaks before allocation.

RemediationAI

Vendor-released patch: upgrade Crypt::OpenSSL::PKCS12 to 1.95 or later from CPAN (cpanm Crypt::OpenSSL::PKCS12), which adds INT_MAX/4 bounds checks on OCTET STRING and BIT STRING attribute lengths before the Renew() call per commit b9d0469c6d8f5b5c6c2a45a3d0647a532b749397. Where immediate upgrade is not possible, avoid calling info() or info_as_hash() on PKCS12 files originating from untrusted sources, or pre-validate that input files are not pathologically large (a 1 GiB+ PKCS12 is extremely unusual in practice, so rejecting files above a few MB is a low-impact compensating control). Audit downstream Perl applications and packaged distributions (Linux distro perl-Crypt-OpenSSL-PKCS12 packages) for transitive use, and consult the oss-security disclosure at http://www.openwall.com/lists/oss-security/2026/05/17/5 and VulDB entry https://vuldb.com/vuln/364432 for additional context.

CVE-2014-0160 HIGH POC
7.5 Apr 07

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe

CVE-2014-0195 MEDIUM POC
6.8 Jun 05

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2016-0800 MEDIUM POC
5.9 Mar 01

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

CVE-2015-0204 MEDIUM POC
4.3 Jan 09

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k

CVE-2014-3566 LOW POC
3.4 Oct 15

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-1793 MEDIUM POC
6.5 Jul 09

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly

CVE-2022-3602 HIGH
7.5 Nov 01

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig

CVE-2014-3470 MEDIUM
4.3 Jun 05

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

CVE-2017-3730 HIGH POC
7.5 May 04

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

Share

CVE-2026-8507 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy