Vulnerabilities
Vulnerable Software
Nwclark:  >> Storable  >> 2.01  Security Vulnerabilities
Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record. retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value. A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.
CVSS Score
9.8
EPSS Score
0.002
Published
2026-07-13
Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.
CVSS Score
10.0
EPSS Score
0.006
Published
2026-04-21


Contact Us

Shodan ® - All rights reserved