CVE-2026-41565
CryptX, a cryptographic library for Perl, contains a stack buffer overflow vulnerability in its AEAD (Authenticated Encryption with Associated Data) decryption functions. When these functions process an authentication tag longer than expected, they overflow a fixed-size buffer on the stack, potentially corrupting memory and crashing the application. An attacker who can supply a maliciously long authentication tag to vulnerable code paths can trigger this crash. The vulnerability affects four specific decryption functions: gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify, and eax_decrypt_verify. Patches were released incrementally, with gcm_decrypt_verify fixed in version 0.088 and the remaining three functions addressed in version 0.088_001.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers. The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decrypt_verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length. A longer tag overwrites the stack past the buffer. Version 0.088 added the clamp to gcm_decrypt_verify, and 0.088_001 added it to the other three. Any caller of an affected helper that forwards an attacker-controlled tag longer than the buffer can trigger the overflow.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability is a stack-based buffer overflow (CWE-121) in CryptX's XS (Perl C extension) routines. The affected decrypt_verify helpers copy caller-supplied AEAD authentication tags into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without validating the tag length. When a tag exceeding 144 bytes is provided, the memcpy or similar operation writes beyond the buffer boundary, corrupting the stack frame. This can overwrite return addresses, saved registers, or other stack-resident data structures. The overflow is triggered during the authentication tag verification phase of AEAD decryption operations. The vulnerability requires no authentication or special privileges—any code that calls these functions with attacker-controlled tag input is exposed.
Business impact
Applications relying on CryptX for authenticated encryption may experience denial of service if an attacker injects oversized authentication tags into encrypted messages. While the CVSS vector indicates availability impact rather than confidentiality or integrity compromise, stack corruption can also lead to information disclosure or code execution in some contexts, depending on how the stack is structured and what sensitive data resides there. For services processing encrypted data from untrusted sources—such as message brokers, APIs, or peer-to-peer communication layers—this could enable remote crashes. Perl-based infrastructure, including DevOps tools and automation platforms using CryptX, may be silently affected if their threat model hasn't accounted for malicious ciphertext input.
Affected systems
Any Perl application or system using CryptX versions before 0.088_001 is potentially affected. The vulnerability is most severe in those versions that do not include the length-check safeguards. Version 0.088 patched the gcm_decrypt_verify function but left ccm_decrypt_verify, chacha20poly1305_decrypt_verify, and eax_decrypt_verify unprotected until version 0.088_001. Organizations running CryptX should audit their module versions and check the impact of the four affected AEAD decrypt_verify functions in their codebase.
Exploitability
This vulnerability has a low barrier to exploitation. An attacker needs only to craft a message with an oversized authentication tag and transmit it to a system processing CryptX-encrypted data. No user interaction is required, and the attack can be conducted remotely over the network. The CVSS score of 7.5 (HIGH) reflects the network accessibility and lack of authentication requirements. However, practical exploitation depends on whether the application's threat model includes untrusted ciphertext as an input vector and whether the stack overflow reliably crashes the process or can be leveraged for code execution. The vulnerability is not currently listed in the Known Exploited Vulnerabilities (KEV) catalog, suggesting that active, widespread exploitation has not yet been documented.
Remediation
Upgrade CryptX to version 0.088_001 or later immediately. This version includes length-checking safeguards for all four affected AEAD decrypt_verify functions. Organizations should verify that the upgrade is compatible with their Perl version and other module dependencies. After patching, perform smoke tests on critical encrypted communication paths to ensure functionality is preserved. For systems unable to upgrade immediately, consider network-level input validation to reject messages with unusually large authentication tags, though this is a temporary mitigation only.
Patch guidance
Update CryptX from CPAN or your preferred Perl module repository to version 0.088_001 or later. Verify the patched version by checking the installed module version in your Perl environment (e.g., perl -MCryptX -e 'print $CryptX::VERSION'). If you are on version 0.088, be aware that this partially addresses the issue—only gcm_decrypt_verify is protected; upgrade to 0.088_001 to protect all four functions. Test the upgrade in a staging environment before rolling out to production, particularly if CryptX is a transitive dependency of other modules or if your code relies on specific behavior of the decrypt_verify functions.
Detection guidance
Monitor for crashes or denial of service in applications using CryptX, particularly in decryption or message-processing code paths. Look for segmentation faults or stack overflow exceptions in Perl interpreter logs. If you have access to application logs, watch for error messages related to cryptographic verification failures or unexpected crashes in code calling CryptX's AEAD functions. Network-level detection is challenging without deep packet inspection, but anomalously large authentication tags in encrypted protocol frames can be flagged as suspicious. Audit your codebase to identify which AEAD functions are being called and whether the authentication tag input comes from untrusted sources.
Why prioritize this
This vulnerability merits prompt attention due to its HIGH CVSS score (7.5), network exploitability, and lack of authentication requirements. While it does not currently appear in the KEV catalog, the ease of triggering a denial of service and the potential for stack corruption to lead to further compromise justify treating it as a priority. Organizations heavily dependent on Perl infrastructure for cryptographic operations should prioritize patching. However, the lack of widespread active exploitation and the requirement for the application to process untrusted AEAD-encrypted input means this can be scheduled in the near term rather than as an emergency zero-day response.
Risk score, explained
The CVSS 3.1 score of 7.5 (HIGH) is justified by the network vector (no special access required), low attack complexity (simple tag injection), and high availability impact (denial of service via crash). The vector indicates no confidentiality or integrity impact, suggesting that the overflow does not directly leak secrets or corrupt encrypted data, but rather causes process termination. However, stack-based buffer overflows can occasionally be chained with other weaknesses to achieve code execution; a defense-in-depth approach is warranted.
Frequently asked questions
Do I need to patch immediately, or can this wait until the next maintenance window?
If your applications process AEAD-encrypted data from untrusted sources over the network, patching should be prioritized within the next two weeks. If CryptX is only used for trusted, internal encryption operations, a standard maintenance window is acceptable. Check whether the untrusted input paths are real in your environment before deciding on urgency.
I'm on version 0.088. Am I fully protected?
No. Version 0.088 only patched gcm_decrypt_verify. The other three functions—ccm_decrypt_verify, chacha20poly1305_decrypt_verify, and eax_decrypt_verify—remain vulnerable. Upgrade to 0.088_001 or later to close the remaining gaps.
Can this vulnerability be exploited to execute arbitrary code?
The CVSS assessment indicates the primary impact is denial of service (availability). Stack buffer overflows can sometimes be chained to achieve code execution, but the structure of the CryptX code and Perl interpreter constraints make this scenario less likely than a simple crash. Treat this as a denial-of-service risk first; assume code execution is not reliably achievable unless new research surfaces otherwise.
Our application uses CryptX but only for symmetric key wrapping, not AEAD. Are we affected?
Only if your code calls one of the four vulnerable decrypt_verify functions: gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify, or eax_decrypt_verify. Review your code to confirm. If you use CryptX only for other cryptographic operations, you are not exposed by this vulnerability.
This analysis is provided for informational purposes and reflects the state of the vulnerability as of the publication date. Patch version numbers, affected versions, and vendor advisories are derived from official sources and should be verified against the CryptX CPAN repository and official vendor advisories before making deployment decisions. No guarantee of exploit code, weaponization status, or real-world active exploitation is implied. Organizations should conduct their own risk assessment based on their specific use of CryptX and threat environment. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Browse
Related vulnerabilities
- CVE-2018-25383HIGH
CVE-2018-25383: Free MP3 CD Ripper 2.8 Stack Overflow – ROP and DEP Bypass Risk
- CVE-2026-10062HIGH
CVE-2026-10062: TRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk
- CVE-2026-10063HIGH
CVE-2026-10063: TRENDnet TEW-432BRP Stack Overflow – End-of-Life Router Vulnerability
- CVE-2026-10065HIGH
CVE-2026-10065: Shibby Tomato 1.28 Stack Buffer Overflow in tomatodata.cgi
- CVE-2026-10066HIGH
CVE-2026-10066: Shibby Tomato Stack Buffer Overflow in UPS Service (RCE)
- CVE-2026-10067HIGH
CVE-2026-10067: Shibby Tomato 1.28 Stack Buffer Overflow in multimon.cgi
- CVE-2026-10119HIGH
CVE-2026-10119: Stack Overflow in TRENDnet TEW-432BRP End-of-Life Router
- CVE-2026-10120HIGH
CVE-2026-10120: TRENDnet TEW-432BRP Buffer Overflow – No Patch Available