| Name | CVE-2026-8507 |
|---|---|
| Description | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When a PKCS12 file containing a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG is parsed via info() or info_as_hash(), a heap out-of-bounds write is triggered, with remote-code-execution (RCE) potential, because a signed integer overflow occurs in the size calculation passed to Renew(). |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| libcrypt-openssl-pkcs12-perl (PTS) | bullseye | 1.3-1 | fixed |
| libcrypt-openssl-pkcs12-perl (PTS) | trixie | 1.94-1 | vulnerable |
| libcrypt-openssl-pkcs12-perl (PTS) | forky, sid | 1.95-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libcrypt-openssl-pkcs12-perl | source | bullseye | (not affected) | | | |
| libcrypt-openssl-pkcs12-perl | source | (unstable) | 1.95-1 | | | |
[trixie] - libcrypt-openssl-pkcs12-perl <no-dsa> (Minor issue)
[bullseye] - libcrypt-openssl-pkcs12-perl <not-affected> (Vulnerable code introduced later)
https://lists.security.metacpan.org/cve-announce/msg/40149247/
https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55
https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/56
Introduced by: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/e05c66178b220b485c8188f9243c22a64083f6c5 (1.92)
Fixed by: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397
Regression test: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/31878e6453079d0cdb748c7e9c514460cf308e6c