CVE-2026-58101
JONASBN · Crypt::OpenSSL::X509
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl are vulnerable to a denial of service via NULL pointer dereference when parsing specific X.509 extensions.
Executive summary
A NULL pointer dereference vulnerability in the Crypt::OpenSSL::X509 Perl module allows unauthenticated attackers to crash the application process.
Vulnerability
The module fails to properly check for NULL return values when parsing X.509 certificate extensions, leading to a SIGSEGV and subsequent denial of service when processing malicious DER-encoded data.
Business impact
This vulnerability allows an attacker to cause a denial of service, which can lead to significant application downtime. While the CVSS score of 7.5 indicates a high severity, the impact is limited to availability rather than data compromise or unauthorized access.
Remediation
Immediate Action: Upgrade to Crypt::OpenSSL::X509 version 2.1.3 or later to incorporate necessary NULL checks.
Proactive Monitoring: Monitor application error logs for segmentation faults or unexpected service restarts related to certificate processing.
Compensating Controls: Implement input validation at the application level to reject malformed certificate data before it is passed to the vulnerable library.
Exploitation status
Public Exploit Available: No (no confirmed public exploit in available data)
Analyst recommendation
Organizations utilizing the Crypt::OpenSSL::X509 Perl module should update to version 2.1.3 to ensure robust handling of X.509 extensions. Proactive patching is recommended to maintain application stability and prevent service disruption.