CVE-2026-8507— Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| JONASBN | Crypt::OpenSSL::PKCS12 | ≤ 1.94 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-8507
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws
Source: NVD (National Vulnerability Database)
Vulnerability Description
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
Crypt::OpenSSL::PKCS12 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Crypt::OpenSSL::PKCS12是Dan Sully个人开发者的一个用于 Perl 语言的开源密码学扩展模块,主要提供了对 OpenSSL PKCS12 API 的接口调用能力。 Crypt::OpenSSL::PKCS12 1.94及之前版本存在缓冲区错误漏洞,该漏洞源于解析PKCS12文件时,当SAFEBAG上存在大于等于1 GiB的OCTET STRING或BIT STRING属性时,由于传递给Renew()的大小计算中出现有符号整数溢出,可能触发堆越界写入并具有远程代码执行潜力。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| JONASBN | Crypt::OpenSSL::PKCS12 | 0 ~ 1.94 | - |
II. Public POCs for CVE-2026-8507
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-8507
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-787
- CVE-2026-47314
三星Escargot溢出缓冲区写漏洞 - CVE-2026-25781
kernel_liteos_a has an out-of-bounds write vulnerability - CVE-2026-27648
web_webview has an out-of-bounds write vulnerability - CVE-2026-8669
Imager versions through 1.030 for Perl allow a heap out of b - CVE-2026-8454
Imager::File::GIF versions through 1.002 for Perl allow a he
V. Comments for CVE-2026-8507
No comments yet