CVE-2026-58101
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-476
Desreferencia a puntero nulo (NULL)
Fecha de publicación:
13/07/2026
Última modificación:
14/07/2026
Descripción
*** Pendiente de traducción *** Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference.<br />
<br />
X509V3_EXT_d2i(ext) returns NULL when an extension&#39;s DER value fails to parse. basicC, ia5string, and auth_att dereference its result without a NULL check. keyid_data also dereferences akid->keyid, which is NULL for an empty AKI SEQUENCE (DER 30 00) even when the parse succeeds.<br />
<br />
A caller invoking an affected helper on an extension from an untrusted certificate triggers a SIGSEGV that crashes the Perl process.
Impacto
Puntuación base 3.x
7.50
Gravedad 3.x
ALTA



