Critical Buffer Overflow in Fedora's perl-CryptX Affects Multiple Versions
Severity: High (Score: 72.9)
Sources: Linuxsecurity
Keywords: perl-cryptx, overflow, buffer, stack, fedora, cve-2026-41565, allows
Severity indicators: critical, buffer overflow, CVE:CVE-2026-41565
Summary
A critical buffer overflow vulnerability (CVE-2026-41565) has been identified in the perl-CryptX package used in Fedora 43 and 44. This flaw allows for arbitrary code execution via a crafted authentication tag, posing a significant risk to systems running affected versions. The vulnerability was published on May 28, 2026, and affects all Fedora installations utilizing perl-CryptX. Users are urged to apply the updates provided through the 'dnf' package manager to mitigate the risk. The updates can be installed using specific commands provided in the advisories. Both Fedora 43 and 44 are impacted, highlighting the need for immediate action from system administrators. As of the publication date, no active exploitation has been reported, but the severity of the vulnerability necessitates prompt remediation.

Key Points:
- CVE-2026-41565 is a critical buffer overflow in perl-CryptX affecting Fedora 43 and 44.
- The vulnerability allows arbitrary code execution via a crafted authentication tag.
- Users are advised to upgrade their systems using the provided dnf commands.
Detailed Analysis
**Impact** Multiple versions of Fedora, specifically Fedora 43 and Fedora 44, are affected by this vulnerability in the perl-CryptX package. The flaw allows arbitrary code execution, potentially compromising systems that rely on this cryptographic module. No specific sectors, geographies, or data types at risk are detailed in the articles.

**Technical Details** The vulnerability is a stack buffer overflow identified as CVE-2026-41565, triggered via a crafted authentication tag in perl-CryptX. The attack vector involves exploiting the buffer overflow to execute arbitrary code. No malware, tools, or infrastructure details are provided. The kill chain stage corresponds to exploitation.

**Recommended Response** Apply the security updates immediately using the Fedora "dnf" package manager with the advisories FEDORA-2026-2ef4c0c642 for Fedora 43 and FEDORA-2026-2158c96917 for Fedora 44. Monitor systems for unusual authentication tag activity or signs of code execution related to perl-CryptX. No additional detection or mitigation details are provided.
Source articles (2)
- Fedora 44 perl-CryptX High Stack Overflow Resolution 2026 — Linuxsecurity · 2026-06-07
  [ 1 ] Bug #2482788 - CVE-2026-41565 perl-CryptX: perl-CryptX: Stack buffer overflow allows arbitrary code execution via a crafted authentication tag. [fedora-all] This update can be installed with the…
- Fedora 43 perl-CryptX Critical Buffer Overflow CVE-2026 — Linuxsecurity · 2026-06-07
  [ 1 ] Bug #2482788 - CVE-2026-41565 perl-CryptX: perl-CryptX: Stack buffer overflow allows arbitrary code execution via a crafted authentication tag. [fedora-all] This update can be installed with the…
Timeline
- 2026-05-28 — CVE-2026-41565 published: A critical buffer overflow vulnerability in perl-CryptX was disclosed, allowing arbitrary code execution.
- 2026-06-07 — Advisories released for Fedora 43 and 44: Fedora released updates to address the critical buffer overflow in perl-CryptX, urging users to apply them immediately.
Related entities
- Zero-day Exploit (Attack Type)
- CWE-120 - Classic Buffer Overflow (CWE)
- Fedora (Company)
- Linux (Platform)
- Perl-CryptX (Vulnerability)