CVE-2026-8507

Received Received - Intake

BaseFortify

Publication date: 2026-05-17

Last updated on: 2026-05-18

Assigner: CPANSec

Description

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-17

Last Modified

2026-05-18

Generated

2026-05-20

EPSS Evaluated

2026-05-19

NVD

CVE-2026-8507

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-787	The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-8507

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart