CVE-2026-8507

Voidly

NIST · via Voidly Atlas

CVE-2026-8507

This is the agency's own public-domain data, curated and made citable by Voidly. Voidly adds no independent claim — always verify against the linked canonical source.

cve id

CVE-2026-8507

published

2026-05-17T19:16:24.590

last modified

2026-05-18T00:16:36.733

status

Received

description

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info() or info_as_hash(), a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) due to a signed integer overflow in the size calculation passed to Renew().

cvss score

—

cvss severity

—

cvss vector

—

cwes

CWE-787

cpe count

0

Verify at NIST National Vulnerability Database ↗

Cite this record

CVE-2026-8507 — CVE. NIST, via Voidly Atlas — Surveillance & Digital-Rights Watch. Retrieved 2026-06-07, https://voidly.ai/atlas/federal/nvd-cves/CVE-2026-8507

@misc{voidly_nvd_cves_CVE20268507,
  title        = {CVE-2026-8507 — CVE},
  author       = {{Voidly}},
  howpublished = {\url{https://voidly.ai/atlas/federal/nvd-cves/CVE-2026-8507}},
  note         = {Source: NIST National Vulnerability Database, https://nvd.nist.gov/vuln/detail/CVE-2026-8507. Public domain (17 U.S.C. §105); re-surfaced under CC BY 4.0},
  urldate      = {2026-06-07},
  year         = {2026}
}

Also available as JSON/BibTeX/APA: API record. Source data is U.S. federal public domain (17 U.S.C. §105). Re-surfaced by Voidly under CC BY 4.0.