CVE-2017-20230
CRITICAL 10.0
Description
Storable versions before 3.05 for Perl have a stack overflow. The retrieve_hook function stored the length of the class name in a signed integer, but read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.
CVE Details
CVSS v3.1 score: 10.0
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 4/21/2026
Last modified: 4/22/2026
Source: nvd
Honeypot sightings: 0
Affected products
nwclark:storable
Weaknesses (CWE)
CWE-121
References
https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://github.com/Perl/perl5/issues/15831 (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://metacpan.org/release/RURBAN/Storable-3.05/changes (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html (9b29abf9-4ab0-4765-b253-1875cd9b441e)
http://www.openwall.com/lists/oss-security/2026/04/21/5 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.