What is GHSA-3qmj-qw66-fwx8?

GHSA-3qmj-qw66-fwx8 is a security advisory published by GitHub Security Advisories with Critical severity. Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws. When...

Which CVE IDs does GHSA-3qmj-qw66-fwx8 cover?

GHSA-3qmj-qw66-fwx8 covers the following CVE IDs: CVE-2026-8507. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-3qmj-qw66-fwx8?

GHSA-3qmj-qw66-fwx8 has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-3qmj-qw66-fwx8CriticalCVSS 9.8

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws. When...

Vendor

GitHub Security Advisories

Published

May 17, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-8507 →

📋 Description

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap-OOB-WRITE would be triggered which could have Remote Code Execution (RCE) potential.

🔗 References (7)

https://nvd.nist.gov/vuln/detail/CVE-2026-8507
https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55
https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/56
https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397.patch
https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md
http://www.openwall.com/lists/oss-security/2026/05/17/5
https://github.com/advisories/GHSA-3qmj-qw66-fwx8