Is there a patch available for EUVD-2026-32906?

Yes, a patch is available for EUVD-2026-32906. Update the affected software to the latest version immediately.

Cryptx EUVD-2026-32906

| CVE-2026-41565

Stack-based Buffer Overflow (CWE-121)

2026-05-28 CPANSec

GHSA-4p3p-7392-hjw4

Buffer Overflow Stack Overflow Cryptx

Lifecycle Timeline

CVE Published

May 28, 2026 - 14:13 nvd

UNKNOWN (no severity yet)

DescriptionNVD

CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers.

The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length. A longer tag overwrites the stack past the buffer. Version 0.088 added the clamp to gcm_decrypt_verify, and 0.088_001 added it to the other three.

Any caller of an affected helper that forwards an attacker-controlled tag longer than the buffer can trigger the overflow.

Analysis

CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers. The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-32906 vulnerability details – vuln.today

Back

Cryptx EUVD-2026-32906

Lifecycle Timeline

DescriptionNVD

Analysis

Full analysis requires sign-in

Share

External POC / Exploit Code