CVE-2026-8721

Gravedad:

Pendiente de análisis

Tipo:

No Disponible / Otro tipo

Fecha de publicación:

17/05/2026

Última modificación:

17/05/2026

Descripción

*** Pendiente de traducción *** Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs.<br /> <br /> Password parameters in PKCS12.xs are declared char *, which routes through Perl&#39;s default typemap to SvPV_nolen. The Perl length is discarded.<br /> <br /> The C code (or OpenSSL internally) calls strlen() on the buffer. Any password byte at or after the first NULL is silently dropped. Binary / KDF-derived / HMAC-derived passwords lose entropy without any warnings.

Impacto

Referencias a soluciones, herramientas e información

https://metacpan.org/release/JONASBN/Crypt-OpenSSL-PKCS12-1.95/view/Changes.md