PT-2026-57918 · Jonasbn · Crypt::Openssl::X509

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-58102

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv exts.
When building the extension hash (via extensions(), extensions by long name(), extensions by oid(), or has extension oid()), the code passes OBJ obj2txt()'s return value as the hash-key length; because that value is the OID's full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions by name() uses the static shortname path and is not affected.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-58102

Affected Products

Crypt::Openssl::X509