Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Crypt::OpenSSL::X509 by JONASBN

    CVE-2026-58102 (GCVE-0-2026-58102)

    Vulnerability from cvelistv5 – Published: 2026-07-13 22:22 – Updated: 2026-07-13 22:22
    VLAI
    Title
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts
    Summary
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()'s return value as the hash-key length; because that value is the OID's full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::X509 Affected: 0 , < 2.1.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-X509",
              "product": "Crypt::OpenSSL::X509",
              "programFiles": [
                "X509.xs"
              ],
              "programRoutines": [
                {
                  "name": "hv_exts"
                },
                {
                  "name": "Crypt::OpenSSL::X509::extensions"
                },
                {
                  "name": "Crypt::OpenSSL::X509::extensions_by_long_name"
                },
                {
                  "name": "Crypt::OpenSSL::X509::extensions_by_oid"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-x509",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThan": "2.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts.\n\nWhen building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code passes OBJ_obj2txt()\u0027s return value as the hash-key length; because that value is the OID\u0027s full text length rather than the bytes written to the fixed-size buffer (129 bytes), an OID whose text is longer than the 129-byte buffer causes a read past the allocation, exposing adjacent heap memory as the returned hash key. extensions_by_name() uses the static shortname path and is not affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T22:22:48.618Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-x509/commit/757289bfce095455c104d4adfe9312e7b339620f.patch"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-X509-2.1.3/source/Changes.md"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Crypt::OpenSSL::X509 2.1.3 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts",
          "workarounds": [
            {
              "lang": "en",
              "value": "Callers that must enumerate extensions of untrusted certificates can restrict enumeration to extensions_by_name(), which uses the static shortname path and does not trigger the over-read."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-58102",
        "datePublished": "2026-07-13T22:22:48.618Z",
        "dateReserved": "2026-06-29T06:35:04.718Z",
        "dateUpdated": "2026-07-13T22:22:48.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58101 (GCVE-0-2026-58101)

    Vulnerability from cvelistv5 – Published: 2026-07-13 22:17 – Updated: 2026-07-13 22:17
    VLAI
    Title
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference
    Summary
    Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds. A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.
    Severity
    No CVSS data available.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    JONASBN Crypt::OpenSSL::X509 Affected: 0 , < 2.1.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Crypt-OpenSSL-X509",
              "product": "Crypt::OpenSSL::X509",
              "programFiles": [
                "X509.xs"
              ],
              "programRoutines": [
                {
                  "name": "Crypt::OpenSSL::X509::Extension::basicC"
                },
                {
                  "name": "Crypt::OpenSSL::X509::Extension::ia5string"
                },
                {
                  "name": "Crypt::OpenSSL::X509::Extension::auth_att"
                },
                {
                  "name": "Crypt::OpenSSL::X509::Extension::keyid_data"
                }
              ],
              "repo": "https://github.com/dsully/perl-crypt-openssl-x509",
              "vendor": "JONASBN",
              "versions": [
                {
                  "lessThan": "2.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference.\n\nX509V3_EXT_d2i(ext) returns NULL when an extension\u0027s DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid-\u003ekeyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds.\n\nA caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T22:17:48.375Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dsully/perl-crypt-openssl-x509/commit/4c1e2370556097c253ae27abe9e1097ea377fbd2.patch"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/JONASBN/Crypt-OpenSSL-X509-2.1.3/source/Changes.md"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Crypt::OpenSSL::X509 2.1.3 or later, which NULL-checks each X509V3_EXT_d2i result and the optional keyid field before dereferencing."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-58101",
        "datePublished": "2026-07-13T22:17:48.375Z",
        "dateReserved": "2026-06-29T06:35:04.717Z",
        "dateUpdated": "2026-07-13T22:17:48.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }