{"id":"CVE-2026-41565","summary":"CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers","details":"CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers.\n\nThe gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length. A longer tag overwrites the stack past the buffer. Version 0.088 added the clamp to gcm_decrypt_verify, and 0.088_001 added it to the other three.\n\nAny caller of an affected helper that forwards an attacker-controlled tag longer than the buffer can trigger the overflow.","modified":"2026-07-08T08:05:12.136713314Z","published":"2026-05-28T14:13:19.301Z","related":["openSUSE-SU-2026:10968-1","openSUSE-SU-2026:20936-1"],"database_specific":{"cwe_ids":["CWE-121"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41565.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"0.088_001"}]},{"source":"DESCRIPTION","extracted_events":[{"fixed":"0.088_001"}]}],"cna_assigner":"CPANSec"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/05/28/10"},{"type":"WEB","url":"https://cpan.org/modules"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41565.json"},{"type":"ADVISORY","url":"https://metacpan.org/release/MIK/CryptX-0.088_001"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41565"},{"type":"FIX","url":"https://github.com/DCIT/perl-CryptX/commit/57e69e541b0718ca8724c2f61514322a2d859bc1.patch"},{"type":"FIX","url":"https://github.com/DCIT/perl-CryptX/commit/7e56347d420aaf43b2ee1586f4a230492ccf1642.patch"},{"type":"PACKAGE","url":"https://github.com/DCIT/perl-CryptX"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dcit/perl-cryptx","events":[{"introduced":"0"},{"fixed":"57e69e541b0718ca8724c2f61514322a2d859bc1"},{"fixed":"7e56347d420aaf43b2ee1586f4a230492ccf1642"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v0.088","v0.087","v0.086","v0.085","v0.084","v0.083","v0.082","v0.081","v0.080","v0.079","v0.078","v0.077","v0.076","v0.075","v0.074","v0.073","v0.072","v0.071","v0.070","v0.069","v0.068","v0.067","v0.066","v0.065","v0.064","v0.063","v0.062","v0.061","v0.060","v0.059","v0.058","v0.057","v0.056","v0.055","v0.054","v0.053","v0.052","v0.051","v0.050","v0.049","v0.048","v0.047","v0.046","v0.045","v0.044","v0.043","v0.042","v0.041","v0.040","v0.039","v0.038","v0.037","v0.036","v0.035","v0.034","v0.033","v0.032","v0.031","v0.030","v0.029","v0.026","v0.025","v0.024","v0.023","v0.022"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41565.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}