9.8
Debian Linux: Unauthenticated Remote Code Execution
DEBIAN-CVE-2026-8507
Summary
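The Debian package libcrypt-openssl-pkcs12-perl (Crypt::OpenSSL::PKCS12 for Perl, versions through 1.94) is affected. When an application parses a PKCS12 file carrying a >= 1 GiB OCTET STRING or BIT STRING attribute with info() or info_as_hash(), a heap out-of-bounds write can occur, giving an attacker the potential to execute code remotely without needing a password. This can lead to unauthorized access and data theft. Users should update the affected package as soon as a fixed version is available.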
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:11 | debian | libcrypt-openssl-pkcs12-perl | All versions |
| Debian:13 | debian | libcrypt-openssl-pkcs12-perl | All versions |
| Debian:14 | debian | libcrypt-openssl-pkcs12-perl | All versions |
Original title
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via inf...
Original description
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
- https://security-tracker.debian.org/tracker/CVE-2026-8507 Vendor Advisory
Published: 17 May 2026 · Updated: 19 May 2026 · First seen: 17 May 2026