PT-2026-41582 · Cpan · Crypt::Openssl::Pkcs12
Published 2026-05-17 · Updated 2026-05-20 · CVE-2026-8507
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Crypt::OpenSSL::PKCS12 versions prior to 1.95

Description: An out-of-bounds write flaw exists when parsing a PKCS12 file that contains an OCTET STRING or BIT STRING attribute of 1 GiB or larger on a SAFEBAG. The issue is triggered via the info() or info_as_hash() functions and results from a signed integer overflow in the size calculation passed to the Renew() function, potentially leading to remote code execution.

Recommendations: Update to a version later than 1.94. As a temporary workaround, restrict the processing of PKCS12 files containing attributes larger than 1 GiB, or limit the use of the info() and info_as_hash() functions.
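The following C snippet is an added illustration of the bug class named above (a signed 32-bit size calculation that wraps before the result reaches an allocator such as Renew()) and of the check that prevents it. It is not code from Crypt::OpenSSL::PKCS12; the "two output bytes per input byte plus a terminator" shape (len * 2 + 1) is an assumption chosen only because it makes 1 GiB (2^30 bytes) the exact point at which a signed 32-bit result wraps, matching the threshold in the description. The function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <limits.h>

/* Assumed shape of the size calculation: 2 bytes per input byte plus 1.
 * This is an illustration, not the module's actual arithmetic. */

/* Vulnerable pattern: the result is held in a signed 32-bit integer.
 * For len >= 2^30 (1 GiB) the value 2*len+1 exceeds INT32_MAX and wraps
 * negative. Signed overflow is undefined behaviour in C, so the wrap is
 * simulated here with well-defined unsigned arithmetic to show what a
 * two's-complement platform would hand to the allocator. */
int32_t wrapped_hex_size(int32_t len) {
    uint32_t u = (uint32_t)len * 2u + 1u;
    return (int32_t)u;                 /* negative for len >= 1 GiB */
}

/* Hardened pattern: compute in size_t and refuse any length for which
 * 2*len+1 is not representable, before anything is allocated. */
bool safe_hex_size(size_t len, size_t *out) {
    if (len > (SIZE_MAX - 1) / 2) {
        return false;                  /* would overflow size_t */
    }
    *out = len * 2 + 1;
    return true;
}

/* Policy check a caller can apply before invoking the parser: returns 0
 * when the attribute length is safe to process and -1 when the derived
 * size would overflow a signed 32-bit count. */
int check_attribute_len(size_t len) {
    size_t need;
    if (!safe_hex_size(len, &need)) {
        return -1;
    }
    if (need > (size_t)INT32_MAX) {
        return -1;                     /* 1 GiB attribute lands here */
    }
    return 0;
}
```

The defensive point is that the rejection has to happen on the width in which the size is finally consumed: computing in size_t is not enough by itself if the value is later narrowed to a signed 32-bit count, which is why check_attribute_len() compares against INT32_MAX as well.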

Tags: Fix · RCE · Memory Corruption

Weakness Enumeration:

Related Identifiers: CVE-2026-8507

Affected Products: Crypt::Openssl::Pkcs12