9.8

CVE-2026-8507: Perl Crypt::OpenSSL::PKCS12: Large File Parsing Risk

CVE-2026-8507
Summary

Perl's Crypt::OpenSSL::PKCS12 module has out-of-bounds write flaws that are triggered when it parses a PKCS12 file containing a very large (1 GiB or more) attribute. An attacker who can get such a file parsed could potentially execute malicious code on your system. Update to the latest version of the module to fix this issue.

Original title
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via inf...
Original description
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.

When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
Vulnerability type
CWE-787 Out-of-bounds Write
Published: 17 May 2026 · Updated: 28 May 2026 · First seen: 17 May 2026
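
Added example (not code from Crypt::OpenSSL::PKCS12 or from the CVE record): a C model of the bug class named in the description, a buffer size derived from a parsed length in 32-bit signed arithmetic, next to a checked version. The multiplier of 2, the function names and the 1 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: 2 output bytes per input byte plus a terminator (hex-style
 * rendering). The real expression in the module is not shown on the page. */
#define OUT_PER_BYTE 2u
#define MAX_ATTR_LEN ((size_t)1 << 20)   /* constructed policy cap: 1 MiB */

/* Value a 32-bit signed int holds after len * 2 + 1. The wrap is modelled
 * with unsigned arithmetic so this demo itself has no undefined behaviour. */
int32_t wrapped_size(int32_t len)
{
    uint32_t u = (uint32_t)len * OUT_PER_BYTE + 1u;
    if (u > (uint32_t)INT32_MAX)
        return (int32_t)((int64_t)u - 4294967296LL);
    return (int32_t)u;
}

/* Hardened form: reject negative or over-cap lengths, do the arithmetic in
 * size_t, and prove it cannot wrap before multiplying. Returns 0 on success. */
int checked_size(long len, size_t cap, size_t *out)
{
    if (len < 0 || (size_t)len > cap)
        return -1;
    if ((size_t)len > (SIZE_MAX - 1) / OUT_PER_BYTE)
        return -1;
    *out = (size_t)len * OUT_PER_BYTE + 1;
    return 0;
}

int main(void)
{
    long lens[] = { 16, (1L << 30) - 1, 1L << 30 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t n = 0;
        int rc = checked_size(lens[i], MAX_ATTR_LEN, &n);
        printf("len=%ld int32 size=%ld checked=%s\n", lens[i],
               (long)wrapped_size((int32_t)lens[i]), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

With this assumed expression the 32-bit result is still correct one byte below 1 GiB and turns negative at exactly 1 GiB, which is why the size handed to a reallocation no longer matches the data being written.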