PT-2026-44386 · Mik · Cryptx
Published 2026-05-28 · Updated 2026-05-28 · CVE-2026-41565
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt verify helpers.
The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length. A longer tag overwrites the stack past the buffer. Version 0.088 added the clamp to gcm_decrypt_verify, and 0.088_001 added it to the other three.
Any caller of an affected helper that forwards an attacker-controlled tag longer than the buffer can trigger the overflow.
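The bounds check the description refers to, shown as an added example that is not CryptX's own code: a simplified model of how a decrypt-verify helper can clamp the supplied tag length to its fixed buffer before copying and then fail authentication on any length mismatch. The names clamp_tag_len, ct_equal and verify_tag are hypothetical; only the 144-byte MAXBLOCKSIZE comes from the advisory.

```c
#include <stddef.h>
#include <string.h>

#define MAXBLOCKSIZE 144 /* fixed stack buffer size given in the advisory */

/* Clamp a caller-supplied tag length to the buffer capacity. */
size_t clamp_tag_len(size_t supplied_len)
{
    return supplied_len > MAXBLOCKSIZE ? MAXBLOCKSIZE : supplied_len;
}

/* Constant-time comparison so the check does not leak the mismatch position. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/*
 * Hypothetical model of the tag handling in a decrypt-verify helper.
 * `computed` stands in for the tag the AEAD mode derives during decryption.
 * Returns 1 when the supplied tag authenticates, 0 otherwise.
 */
int verify_tag(const unsigned char *supplied, size_t supplied_len,
               const unsigned char *computed, size_t computed_len)
{
    unsigned char tag[MAXBLOCKSIZE];

    /* Unchecked pattern the advisory describes:
     *     memcpy(tag, supplied, supplied_len);
     * which writes past `tag` when supplied_len > MAXBLOCKSIZE. */
    size_t tag_len = clamp_tag_len(supplied_len);
    memcpy(tag, supplied, tag_len);

    /* An oversized or wrong-length tag can never authenticate, so a
     * clamped (truncated) copy is rejected rather than compared. */
    if (supplied_len != computed_len || computed_len == 0 ||
        computed_len > MAXBLOCKSIZE)
        return 0;
    return ct_equal(tag, computed, tag_len);
}
```

Callers on versions before the fix can apply the same length check to the tag before passing it to any of the four helpers.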
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Cryptx