{"id":"CVE-2026-8507","summary":"Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws","details":"Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.\n\nWhen parsing a PKCS12 file, with a \u003e= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().","modified":"2026-07-08T08:13:52.290920400Z","published":"2026-05-17T18:43:05.863Z","database_specific":{"cna_assigner":"CPANSec","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8507.json","cwe_ids":["CWE-787"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/05/17/5"},{"type":"WEB","url":"https://cpan.org/modules"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8507.json"},{"type":"ADVISORY","url":"https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8507"},{"type":"REPORT","url":"https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55"},{"type":"REPORT","url":"https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/56"},{"type":"FIX","url":"https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397.patch"},{"type":"PACKAGE","url":"https://github.com/dsully/perl-crypt-openssl-pkcs12"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dsully/perl-crypt-openssl-pkcs12","events":[{"introduced":"0"},{"fixed":"621d94a6d389f043ecb00bcea5e75e7a1783d34e"},{"fixed":"b9d0469c6d8f5b5c6c2a45a3d0647a532b749397"}],"database_specific":{"source":["DESCRIPTION","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"1.94"}]}}],"versions":["1.94","1.93","1.92","1.91","1.11","1.10","1.9","1.8","1.7","1.6","1.5","1.4","1.3","1.2","1.1","1.0","0.10","0.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8507.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}