PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-58101 JONASBN CVE debrief

CVE-2026-58101 is a denial-of-service vulnerability in Crypt::OpenSSL::X509 versions before 2.1.3 for Perl. The vulnerability is caused by a NULL pointer dereference. X509V3_EXT_d2i returns NULL when an extension's DER value fails to parse, and basicC, ia5string, and auth_att dereference its result without a NULL check. This vulnerability can be triggered by a caller invoking an affected helper on an extension from an untrusted certificate, resulting in a SIGSEGV that crashes the Perl process. Users of Crypt::OpenSSL::X509 before version 2.1.3 for Perl should be aware of this vulnerability and take steps to mitigate it.

Vendor
JONASBN
Product
Crypt::OpenSSL::X509
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of Crypt::OpenSSL::X509 before version 2.1.3 for Perl should be aware of this vulnerability and take steps to mitigate it. This includes operators, platform administrators, vulnerability management teams, and security teams who need to review the affected scope and severity with the official advisory.

Technical summary

The vulnerability is caused by the X509V3_EXT_d2i function returning NULL when an extension's DER value fails to parse. The basicC, ia5string, and auth_att functions then dereference this NULL value without a NULL check, resulting in a denial-of-service vulnerability via a NULL pointer dereference. The vulnerability can be triggered by a caller invoking an affected helper on an extension from an untrusted certificate, resulting in a SIGSEGV that crashes the Perl process.

Defensive priority

High

Recommended defensive actions

  • Update Crypt::OpenSSL::X509 to version 2.1.3 or later
  • Restrict access to untrusted certificates
  • Implement additional monitoring and logging to detect potential attacks
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-13T23:16:47.020Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the official advisory. The vulnerability is caused by a NULL pointer dereference in the X509V3_EXT_d2i function, which returns NULL when an extension's DER value fails to parse.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T23:16:47.020Z and has not been modified since then.