CVE-2026-9265 – Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path

CVE ID :CVE-2026-9265

Published : June 20, 2026, 12:46 a.m. | 2 hours, 57 minutes ago

Description :Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path.

print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…