Crypt::OpenSSL::PKCS12 Heap Out-of-Bounds Write Vulnerability with Remote Code Execution Potential

Vulnerability

A heap out-of-bounds write vulnerability has been identified in Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl. This vulnerability occurs when the library parses a PKCS12 file containing a SAFEBAG attribute with an oversized OCTET STRING or BIT STRING. The flaw can be triggered using the 'info()' or 'info_as_hash()' methods, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability causes a heap-based out-of-bounds write, which can be leveraged for remote code execution.

Reproduction

The vulnerability can be reproduced by using a PKCS12 file that includes a SAFEBAG attribute with an OCTET STRING or BIT STRING length of 1 GiB or more. When this file is processed with the 'info()' or 'info_as_hash()' methods, the out-of-bounds write is triggered.

Remediation

Users are advised to update to Crypt::OpenSSL::PKCS12 version 1.95, which addresses the vulnerability by adding proper length checks and preventing the integer overflow that led to the out-of-bounds write.
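As an added illustration (not code from Crypt::OpenSSL::PKCS12, whose actual size arithmetic the advisory does not show), the following C snippet assumes a derived buffer size of 2*len + 1 bytes for hex-encoding a string and contrasts a 32-bit computation that wraps at a 1 GiB length with the kind of checks the fix describes: a cap on the claimed length, overflow-checked arithmetic, and a DER length decoder that rejects a claimed length larger than the bytes actually present in the file.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Cap chosen for this example: the 1 GiB threshold the advisory cites.
 * Not a value taken from the library. */
#define MAX_STRING_LEN ((size_t)1 << 30)

/* Model of an int-sized derived-size computation (assumed: hex encoding
 * needs 2*len + 1 bytes). The multiply is done in 32 bits, so len = 2^30
 * (1 GiB) produces 2^31 + 1, which reads back as a negative int and would
 * be handed to an allocator or a copy routine as a bogus size. */
int32_t int_model_hex_buf_len(uint32_t len)
{
    uint32_t u = len * 2u + 1u;   /* wraps modulo 2^32 */
    return (int32_t)u;            /* two's-complement reinterpretation */
}

/* Hardened derived-size computation: refuse oversized strings and check
 * the arithmetic against SIZE_MAX before any allocation happens. */
bool checked_hex_buf_len(size_t len, size_t *out)
{
    if (len >= MAX_STRING_LEN || len > (SIZE_MAX - 1) / 2)
        return false;
    *out = len * 2 + 1;
    return true;
}

/* Decode the tag and length of a DER OCTET STRING (0x04) or BIT STRING
 * (0x03) header at buf[0..n). A claimed length that exceeds the bytes
 * actually present is rejected, so a 1 GiB claim inside a small file is
 * caught before any size arithmetic runs. Returns false on malformed input. */
bool der_string_payload_len(const uint8_t *buf, size_t n, size_t *len)
{
    if (n < 2 || (buf[0] != 0x04 && buf[0] != 0x03))
        return false;
    size_t pos, value = 0;
    if (buf[1] < 0x80) {                 /* short form: one length byte */
        value = buf[1];
        pos = 2;
    } else {                             /* long form: 0x80 | byte count */
        size_t nbytes = buf[1] & 0x7f;
        if (nbytes == 0 || nbytes > sizeof(size_t) || n < 2 + nbytes)
            return false;
        for (size_t i = 0; i < nbytes; i++)
            value = (value << 8) | buf[2 + i];
        pos = 2 + nbytes;
    }
    if (value > n - pos)                 /* claim runs past the data */
        return false;
    *len = value;
    return true;
}
```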

Added: May 17, 2026, 7:19 PM
Updated: May 17, 2026, 7:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.2
remediation: 0.0
relevance: 8.6
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.