PT-2026-51127 · Jonasbn · Crypt::Openssl::Pkcs12

Published

2026-06-20

Updated

2026-06-20

CVE-2026-9265

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print attribute UTF8STRING path.

print attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2026-9265

Affected Products

Crypt::Openssl::Pkcs12

PT-2026-51127 · Jonasbn · Crypt::Openssl::Pkcs12

CVE-2026-9265

Weakness Enumeration

Related Identifiers

Affected Products

References · 4