QwikSec

Security Database

CVE

CWE

Training

CVE-2026-8507

Published: May 17, 2026

Modified: May 18, 2026

PUBLISHED

Description

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().

Vendor	Product	Versions
JONASBN	Crypt::OpenSSL::PKCS12	affected `0 - <= 1.94`

Weaknesses (CWE)

References

https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md

release-notes

https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55

issue-tracking

https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/56

issue-tracking

https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397.patch

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.