Description
Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record.
retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value.
A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.
retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value.
A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.
Published:
2026-07-13
Score:
n/a
EPSS:
n/a
KEV:
No
Impact:
n/a
Action:
n/a
No analysis available yet.
Remediation
Vendor Solution
Upgrade to Storable 3.41 or later.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Mon, 13 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record. retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value. A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization. | |
| Title | Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record | |
| Weaknesses | CWE-190 | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-07-13T19:30:47.772Z
Reserved: 2026-06-24T13:09:26.322Z
Link: CVE-2026-57433
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-190
Integer Overflow or Wraparound