CVE-2017-20230
CRITICAL 10.0
Description
Storable versions before 3.05 for Perl have a stack overflow. The retrieve_hook function stored the length of the class name in a signed integer but treated the length as unsigned in read operations. This allowed an attacker to craft data that could trigger the overflow.
CVE details
CVSS v3.1 score: 10.0
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 4/21/2026
Last modified: 4/22/2026
Source: nvd
Honeypot sightings: 0
Affected products
nwclark:storable
Weaknesses (CWE)
CWE-121
References
https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://github.com/Perl/perl5/issues/15831 (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://metacpan.org/release/RURBAN/Storable-3.05/changes (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html (9b29abf9-4ab0-4765-b253-1875cd9b441e)
http://www.openwall.com/lists/oss-security/2026/04/21/5 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.