CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-20230

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile9.59th
Published2026年4月21日
Last Modified2026年4月22日

Vulnerability Description

Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.

Affected Platforms (CPE)

📦
Nwclark

Storable

< 3.05

References & Advisories

🔗 https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch
🔗 https://github.com/Perl/perl5/issues/15831
🔗 https://metacpan.org/release/RURBAN/Storable-3.05/changes
🔗 https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html
🔗 https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html
🔗 http://www.openwall.com/lists/oss-security/2026/04/21/5

関連する脆弱性情報

CVE-2018-10000517.8

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible cod...

CVE-2012-61417.5

The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attacke...

CVE-2012-61437.5

Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers t...

CVE-2012-61427.5

Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote atta...