Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record.
retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value.
A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.
Metrics
Affected Vendors & Products
References
History
Mon, 13 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record. retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value. A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization. | |
| Title | Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record | |
| Weaknesses | CWE-190 | |
| References |
|
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-07-13T19:30:47.772Z
Reserved: 2026-06-24T13:09:26.322Z
Link: CVE-2026-57433
No data.
No data.
No data.
OpenCVE Enrichment
No data.