CVE-2026-8721

Vulnerability

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncate passwords containing embedded NULL bytes. The XS code in PKCS12.xs declares password parameters as char * and uses Perl's default typemap (SvPV_nolen), discarding the Perl string length. OpenSSL's internal strlen() then stops at the first NULL, silently dropping any subsequent bytes. This affects all password-handling entry points, including PKCS12_create, PKCS12_newpass, and PKCS12_verify_mac [1][2].

Exploitation

An attacker must supply a password that contains one or more NULL bytes. This can occur when a user or application passes a binary password (e.g., from a key derivation function or HMAC) to the module. The attacker does not require special network access; the vulnerability is triggered during normal password processing. The password is effectively truncated to the portion before the first NULL, reducing its entropy without any warning [2].

Impact

Successful exploitation allows an attacker to bypass password protection on PKCS12 files or other cryptographic operations relying on this module. The effective password length is reduced to the substring before the first NULL, making brute-force or dictionary attacks significantly easier. This can lead to unauthorized decryption of PKCS12 containers or authentication bypass, depending on the application context [1][2].

Mitigation

Upgrade to Crypt::OpenSSL::PKCS12 version 1.95, released on 2026-05-17. This version fixes the issue by using SvPV to preserve the full Perl string length and by croaking with a clear diagnostic if a password contains an embedded NULL byte when passed to APIs that rely on strlen internally [1]. No workaround exists for versions prior to 1.95; users must avoid passwords with NULL bytes or upgrade immediately.