UBUNTU-CVE-2026-41565

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-41565

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41565.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-41565

Upstream

CVE-2026-41565

Published

2026-05-28T16:16:00Z

Modified

2026-06-03T11:23:42Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without checking the supplied length. A longer tag overwrites the stack past the buffer. Version 0.088 added the clamp to gcmdecryptverify, and 0.088_001 added it to the other three. Any caller of an affected helper that forwards an attacker-controlled tag longer than the buffer can trigger the overflow.

References

Affected packages

Ubuntu:25.10

libcryptx-perl

Package

Name: libcryptx-perl
Purl: pkg:deb/ubuntu/libcryptx-perl?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.085-1

0.087-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcryptx-perl",
            "binary_version": "0.087-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41565.json"

Ubuntu:26.04:LTS

libcryptx-perl

Package

Name: libcryptx-perl
Purl: pkg:deb/ubuntu/libcryptx-perl?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.087-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcryptx-perl",
            "binary_version": "0.087-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41565.json"

Ubuntu:Pro:18.04:LTS

libcryptx-perl

Package

Name: libcryptx-perl
Purl: pkg:deb/ubuntu/libcryptx-perl?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.055-1

0.056-1

0.056-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcryptx-perl",
            "binary_version": "0.056-1ubuntu0.1~esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41565.json"

Ubuntu:Pro:20.04:LTS

libcryptx-perl

Package

Name: libcryptx-perl
Purl: pkg:deb/ubuntu/libcryptx-perl?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.064-1

0.064-1build1

0.066-1

0.067-1

0.067-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcryptx-perl",
            "binary_version": "0.067-1ubuntu0.1~esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41565.json"

Ubuntu:Pro:22.04:LTS

libcryptx-perl

Package

Name: libcryptx-perl
Purl: pkg:deb/ubuntu/libcryptx-perl?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.069-1build1

0.073-1

0.074-1

0.075-1

0.076-1

0.076-1build1

0.076-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcryptx-perl",
            "binary_version": "0.076-1ubuntu0.1~esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41565.json"

Ubuntu:Pro:24.04:LTS

libcryptx-perl

Package

Name: libcryptx-perl
Purl: pkg:deb/ubuntu/libcryptx-perl?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.078-1

0.080-1

0.080-2

0.080-2build1

0.080-2build2

0.080-2build3

0.080-2ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcryptx-perl",
            "binary_version": "0.080-2ubuntu0.1~esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41565.json"