CVE-2026-8721 – Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs

CVE ID :CVE-2026-8721

Published : May 17, 2026, 7:16 p.m. | 1 hour, 47 minutes ago

Description :Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs.

Password parameters in PKCS12.xs are declared char *, which routes through Perl’s default typemap to SvPV_nolen. The Perl length is discarded.

The C code (or OpenSSL internally) calls strlen() on the buffer. Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-8507 – Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws

CVE-2026-46720 – Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections

CVE-2026-8758 – Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload

CVE-2026-8757 – adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal