Loading market data...
← Back to CVE feed

CVE-2026-9265

UNKNOWN View on NVD ↗

Description

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar.

Published: Jun 20, 2026 02:16 UTC Modified: Jun 20, 2026 02:16 UTC