CVE-2026-41565: CWE-121 Stack-based Buffer Overflow in MIK CryptX
CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers. The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length. A longer tag overwrites the stack past the buffer. Version 0.088 added the clamp to gcm_decrypt_verify, and 0.088_001 added it to the other three. Any caller of an affected helper that forwards an attacker-controlled tag longer than the buffer can trigger the overflow.
AI Analysis
Technical Summary
The vulnerability exists in the gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify, and eax_decrypt_verify XS routines of CryptX for Perl before version 0.088_001. These routines copy an authentication tag from the caller into a fixed-size 144-byte stack buffer without checking if the tag length exceeds this buffer size, leading to a stack-based buffer overflow (CWE-121). This can be triggered by any caller passing an attacker-controlled tag longer than 144 bytes. Version 0.088 introduced a clamp to gcm_decrypt_verify, and version 0.088_001 extended this fix to the other three routines.
Potential Impact
A stack-based buffer overflow can lead to memory corruption, which may cause application crashes or potentially allow arbitrary code execution depending on the context in which the vulnerable routines are used. However, no known exploits in the wild have been reported. The vulnerability affects all versions of CryptX before 0.088_001.
Mitigation Recommendations
No official patch or vendor advisory is currently available. Users should upgrade to CryptX version 0.088_001 or later, where the vulnerability is fixed by adding length checks (clamping) on the authentication tag input. Until an upgrade is possible, avoid passing untrusted or attacker-controlled authentication tags to the affected decrypt_verify helper routines.
CVE-2026-41565: CWE-121 Stack-based Buffer Overflow in MIK CryptX
Description
CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers. The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length. A longer tag overwrites the stack past the buffer. Version 0.088 added the clamp to gcm_decrypt_verify, and 0.088_001 added it to the other three. Any caller of an affected helper that forwards an attacker-controlled tag longer than the buffer can trigger the overflow.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability exists in the gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify, and eax_decrypt_verify XS routines of CryptX for Perl before version 0.088_001. These routines copy an authentication tag from the caller into a fixed-size 144-byte stack buffer without checking if the tag length exceeds this buffer size, leading to a stack-based buffer overflow (CWE-121). This can be triggered by any caller passing an attacker-controlled tag longer than 144 bytes. Version 0.088 introduced a clamp to gcm_decrypt_verify, and version 0.088_001 extended this fix to the other three routines.
Potential Impact
A stack-based buffer overflow can lead to memory corruption, which may cause application crashes or potentially allow arbitrary code execution depending on the context in which the vulnerable routines are used. However, no known exploits in the wild have been reported. The vulnerability affects all versions of CryptX before 0.088_001.
Mitigation Recommendations
No official patch or vendor advisory is currently available. Users should upgrade to CryptX version 0.088_001 or later, where the vulnerability is fixed by adding length checks (clamping) on the authentication tag input. Until an upgrade is possible, avoid passing untrusted or attacker-controlled authentication tags to the affected decrypt_verify helper routines.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CPANSec
- Date Reserved
- 2026-04-21T12:45:20.133Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a186052e29bf47b500b420d
Added to database: 5/28/2026, 3:33:38 PM
Last enriched: 5/28/2026, 3:50:30 PM
Last updated: 5/29/2026, 10:58:11 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.