CVE-2026-2597
Received Received - Intake
Heap Buffer Overflow in Crypt::SysRandom::XS random_bytes() Function

Publication date: 2026-02-27

Last updated on: 2026-03-03

Assigner: CPANSec

Description
Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function random_bytes(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to chosen random function (e.g. getrandom) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and application crash (denial of service). In common usage, the length argument is typically hardcoded by the caller, which reduces the likelihood of attacker-controlled exploitation. Applications that pass untrusted input to this parameter may be affected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-03-03
Generated
2026-06-16
AI Q&A
2026-02-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2597
EUVD
EUVD-2026-8939
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
leont crypt to 0.010 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

Crypt::SysRandom::XS versions before 0.010 for Perl contains a heap buffer overflow vulnerability in the XS function random_bytes().

The vulnerability occurs because the function does not check if the length parameter is non-negative. If a negative value is passed, an integer wraparound causes a zero-byte allocation.

Subsequently, the function that generates random bytes is called with the original negative value, which is interpreted as a very large unsigned number, leading to writes beyond the allocated buffer.

This results in heap memory corruption and can cause the application to crash, leading to denial of service.

Exploitation is less likely when the length argument is hardcoded, but applications passing untrusted input to this parameter may be vulnerable.

Impact Analysis

This vulnerability can lead to heap memory corruption and cause the affected application to crash, resulting in a denial of service.

If an attacker can supply a negative length parameter to the random_bytes() function, they may trigger this overflow and disrupt normal application operation.

However, if the length parameter is hardcoded and not influenced by untrusted input, the risk of exploitation is reduced.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2597. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart