9.8

Debian Linux: Remote Code Execution in Samba

DEBIAN-CVE-2026-8721
Summary

Debian Linux users who use Samba for file sharing may be at risk of remote code execution attacks. This means an attacker could potentially take control of a vulnerable system. Users should update their Samba packages to the latest version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Ecosystem | Vendor | Product | Affected versions
Debian:11 | debian | libcrypt-openssl-pkcs12-perl | All versions
Debian:13 | debian | libcrypt-openssl-pkcs12-perl | All versions
Debian:14 | debian | libcrypt-openssl-pkcs12-perl | All versions
Original title
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to ...
Original description
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code (or OpenSSL internally) calls strlen() on the buffer. Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings.
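The truncation described above, as an added C example (not code from Crypt::OpenSSL::PKCS12 or from this page). The struct pw stand-in for a Perl scalar, the function names and the sample bytes are all constructed assumptions; the example shows what strlen() keeps once the Perl length is discarded and a caller-side check for passwords that would be shortened.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a Perl scalar: bytes plus the length Perl tracks. */
struct pw { const unsigned char *buf; size_t len; };

/* Constructed sample passwords; the final 0x00 is the terminator Perl keeps
   after the string body and is not counted in len. */
static const unsigned char K1[] = {0xA1, 0x5C, 0x00, 0x9F, 0x33, 0x77, 0x00};
static const unsigned char K2[] = {0xA1, 0x5C, 0x00, 0x12, 0x34, 0x56, 0x00};
static const unsigned char K3[] = {0x00, 0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x00};
static const unsigned char A1[] = "hunter2";
static const struct pw k1 = {K1, 6}, k2 = {K2, 6}, k3 = {K3, 6}, ascii_pw = {A1, 7};

/* What a char * parameter leaves the C side with: the length is gone,
   so strlen() decides, and it stops at the first NUL byte. */
size_t len_seen_by_strlen(const struct pw *p) {
    return strlen((const char *)p->buf);
}

/* Two different passwords become the same key material once truncated. */
int collide_after_truncation(const struct pw *a, const struct pw *b) {
    size_t la = len_seen_by_strlen(a), lb = len_seen_by_strlen(b);
    return la == lb && memcmp(a->buf, b->buf, la) == 0;
}

/* Caller-side guard: refuse a password the binding would silently shorten. */
int has_embedded_nul(const struct pw *p) {
    return memchr(p->buf, 0, p->len) != NULL;
}

int main(void) {
    const struct pw *all[] = {&k1, &k2, &k3, &ascii_pw};
    for (size_t i = 0; i < 4; i++)
        printf("perl len=%zu  strlen=%zu  embedded NUL=%d\n", all[i]->len,
               len_seen_by_strlen(all[i]), has_embedded_nul(all[i]));
    printf("k1/k2 collide after truncation: %d\n",
           collide_after_truncation(&k1, &k2));
    return 0;
}
```

A password whose first byte is NUL (k3 here) is seen as empty, so binary or KDF-derived passwords should be encoded (hex or base64, for example) before being passed to an affected version.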
Published: 17 May 2026 · Updated: 19 May 2026 · First seen: 17 May 2026