CyberSec.Space Logo
CVEブラウザに戻る

CVE-2026-9265

PENDING
N/A
CVSS Severity Score
EPSS Score0.1040%
EPSS Percentile42.46th
Published2026年6月20日
Last Modified2026年6月20日

Vulnerability Description

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/a7bd2f319fa8aab8177b3d767ea06dd85ceb3173.patch
🔗 https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55
🔗 https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.96/source/Changes.md

関連する脆弱性情報

CVE-2026-2012710.0

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN M...

CVE-2026-2018210.0

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after ...

CVE-2026-4077210.0

Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.

CVE-2026-4925710.0

mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mc...