PatchSiren

JONASBN CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review JONASBN CVE published 2026-07-13

CVE-2026-58102

CVE-2026-58102 is a heap out-of-bounds read vulnerability in Crypt::OpenSSL::X509 versions before 2.1.3 for Perl. The vulnerability occurs when building the extension hash via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid(). The code passes OBJ_obj2txt()'s return value as the hash-key length, which is the OID's full text length rather than the bytes written to the fixe [truncated]

Review JONASBN CVE published 2026-07-13

CVE-2026-58101

CVE-2026-58101 is a denial-of-service vulnerability in Crypt::OpenSSL::X509 versions before 2.1.3 for Perl. The vulnerability is caused by a NULL pointer dereference. X509V3_EXT_d2i returns NULL when an extension's DER value fails to parse, and basicC, ia5string, and auth_att dereference its result without a NULL check. This vulnerability can be triggered by a caller invoking an affected helper on an exte [truncated]