CVE-2026-58101

JONASBN · Crypt::OpenSSL::X509

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl are vulnerable to a denial of service via NULL pointer dereference when parsing specific X.509 extensions.

Executive summary

A NULL pointer dereference vulnerability in the Crypt::OpenSSL::X509 Perl module allows unauthenticated attackers to crash the application process.

Vulnerability

The module fails to properly check for NULL return values when parsing X.509 certificate extensions, leading to a SIGSEGV and subsequent denial of service when processing malicious DER-encoded data.

Business impact

This vulnerability allows an attacker to cause a denial of service, which can lead to significant application downtime. While the CVSS score of 7.5 indicates a high severity, the impact is limited to availability rather than data compromise or unauthorized access.

Remediation

Immediate Action: Upgrade to Crypt::OpenSSL::X509 version 2.1.3 or later to incorporate necessary NULL checks.

Proactive Monitoring: Monitor application error logs for segmentation faults or unexpected service restarts related to certificate processing.

Compensating Controls: Implement input validation at the application level to reject malformed certificate data before it is passed to the vulnerable library.

Exploitation status

Public Exploit Available: No (no confirmed public exploit in available data)

Analyst recommendation

Organizations utilizing the Crypt::OpenSSL::X509 Perl module should update to version 2.1.3 to ensure robust handling of X.509 extensions. Proactive patching is recommended to maintain application stability and prevent service disruption.