Unrated severityNVD Advisory· Published Jun 20, 2026

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path

CVE-2026-9265

Description

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path.

print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Dsully/Perl Crypt Openssl Pkcs12llm-fuzzy
Range: <1.96

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/dsully/perl-crypt-openssl-pkcs12/commit/a7bd2f319fa8aab8177b3d767ea06dd85ceb3173.patchmitrepatch
github.com/dsully/perl-crypt-openssl-pkcs12/issues/55mitreissue-tracking
metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.96/source/Changes.mdmitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000