Lucene search
K

13 matches found

OSV
OSV
added 2026/06/20 2:16 a.m.9 views

DEBIAN-CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

9.1CVSS6.1AI score0.00354EPSS
Exploits0References1
OSV
OSV
added 2026/06/20 2:16 a.m.5 views

UBUNTU-CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

9.1CVSS6AI score0.00354EPSS
Exploits0References3
CVE
CVE
added 2026/06/20 12:46 a.m.20 views

CVE-2026-9265

Crypt::OpenSSL::PKCS12 for Perl prior to 1.96 is affected by a heap OOB read in print_attribute: the function copies a UTF8STRING ASN.1 attribute value into a heap buffer sized to the declared length using strncpy, but does not append a NUL terminator. Downstream, strlen() is used and the inflate...

9.1CVSS6.1AI score0.00354EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/20 12:46 a.m.28 views

CVE-2026-9265 Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

0.00354EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 12:46 a.m.9 views

EUVD-2026-38103

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

6.1AI score0.00354EPSS
Exploits0References3
NVD
NVD
added 2026/05/17 7:16 p.m.33 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS0.00447EPSS
Exploits0References2
OSV
OSV
added 2026/05/17 7:16 p.m.5 views

UBUNTU-CVE-2026-8507

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

9.8CVSS5.9AI score0.00648EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/17 6:51 p.m.7 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS5.9AI score0.00447EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/17 6:51 p.m.7 views

CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

5.9AI score0.00447EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/17 6:51 p.m.8 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS5.9AI score0.00447EPSS
Exploits0
CVE
CVE
added 2026/05/17 6:43 p.m.22 views

CVE-2026-8507

CVE-2026-8507 affects Crypt::OpenSSL::PKCS12 up to version 1.94 (Perl). The vulnerability stems from a signed integer overflow in size calculations for a 1 GiB+ OCTET STRING/BIT STRING attribute in SAFEBAGs when using info() or info_as_hash(), which can trigger a heap out-of-bounds write and remo...

9.8CVSS5.9AI score0.00648EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.10 views

Crypt::OpenSSL::PKCS12 安全漏洞

Crypt::OpenSSL::PKCS12 is an open-source cryptographic extension module developed by Dan Sully for the Perl language. It primarily provides functionality for calling the OpenSSL PKCS12 API. Versions of Crypt::OpenSSL::PKCS12 up to 1.94 contained security vulnerabilities. These vulnerabilities...

9.8CVSS5.8AI score0.00447EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.10 views

Crypt::OpenSSL::PKCS12 缓冲区错误漏洞

Crypt::OpenSSL::PKCS12 is an open-source cryptographic extension module developed by Dan Sully for the Perl language. It primarily provides interface calls to the OpenSSL PKCS12 API. Versions of Crypt::OpenSSL::PKCS12 up to 1.94 contained a buffer error vulnerability. This vulnerability arises wh...

9.8CVSS6.3AI score0.00648EPSS
Exploits0References1
Rows per page
Query Builder