CyberSec.Space Logo
Back to CVE Browser

CVE-2017-20230

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile9.59th
PublishedApr 21, 2026
Last ModifiedApr 22, 2026

Vulnerability Description

Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.

Affected Platforms (CPE)

πŸ“¦
Nwclark

Storable

< 3.05

References & Advisories

πŸ”— https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch
πŸ”— https://github.com/Perl/perl5/issues/15831
πŸ”— https://metacpan.org/release/RURBAN/Storable-3.05/changes
πŸ”— https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html
πŸ”— https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html
πŸ”— http://www.openwall.com/lists/oss-security/2026/04/21/5

Related Vulnerabilities

CVE-2018-10000517.8

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible cod...

CVE-2012-61417.5

The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attacke...

CVE-2012-61437.5

Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers t...

CVE-2012-61427.5

Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote atta...