CVE-2026-8507: CWE-787 Out-of-bounds Write in JONASBN Crypt::OpenSSL::PKCS12
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have an out-of-bounds (OOB) write flaw. When a PKCS12 file containing a SAFEBAG attribute with an OCTET STRING (or BIT STRING) of 1 GiB or larger is parsed via info() or info_as_hash(), a signed integer overflow in the size calculation passed to Renew() triggers a heap out-of-bounds write, with remote-code-execution (RCE) potential.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2026-8507 is an out-of-bounds write vulnerability (CWE-787) in Crypt::OpenSSL::PKCS12 versions up to and including 1.94 for Perl. The flaw is triggered while parsing a PKCS12 file whose SAFEBAG attribute carries an OCTET STRING or BIT STRING of 1 GiB or larger: the size calculation passed to Renew() overflows as a signed integer, and the subsequent copy writes past the end of the heap buffer. This memory corruption could enable remote code execution. The record marks the product as a cloud-service version, and a patch is available, though the advisory gives no patch details. No confirmed exploitation in the wild has been reported.
Potential Impact
The vulnerability allows a specially crafted PKCS12 file to trigger a heap out-of-bounds write, which may lead to remote code execution. This could compromise the confidentiality, integrity, and availability of systems using the affected Crypt::OpenSSL::PKCS12 Perl module. However, no known exploits have been observed in the wild to date.
Mitigation Recommendations
A patch is available for this vulnerability. The record marks the product as a cloud-hosted service, in which case the vendor manages remediation server-side; users should consult the vendor advisory to confirm this and make sure their environment runs a fixed release (all versions through 1.94 are affected). The vendor advisory indicates no additional mitigation steps.
Technical Details
Data Version: 5.2
Assigner Short Name: CPANSec
Date Reserved: 2026-05-13T22:45:07.737Z
CVSS Version: null
State: PUBLISHED
Remediation Level: null
Is Cloud Service: true
Threat ID: 6a0a11bfec166c07b0f3cce7
Added to database: 5/17/2026, 7:06:39 PM
Last enriched: 5/17/2026, 7:21:40 PM
Last updated: 5/18/2026, 2:56:21 AM
Views: 68