GHSA-r969-gf4c-xqf7CriticalCVSS 9.8

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a...

Published
July 13, 2026
Last Modified
July 14, 2026

🔗 CVE IDs covered (1)

📋 Description

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record.

retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value.

A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.

🔗 References (4)