{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-9265/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-22T15:36:11.439Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-9265","@id":"https://www.cve.org/CVERecord?id=CVE-2026-9265","description":"Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path.\n\nprint_attribute() copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen() on the result and pass the inflated length to newSVpvn(), copying attacker-influenced adjacent heap bytes into a Perl scalar."},"products":[{"@id":"cpe:2.3:a:jonasbn:crypt\\:\\:openssl\\:\\:pkcs12:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:jonasbn:crypt\\:\\:openssl\\:\\:pkcs12:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 1.96.","timestamp":"2026-06-22T15:36:11.439Z"}]}