CVE-2024-14031 in YVES Sereal::Encoderinformation

Résumé (Anglaise)

Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

Responsable

CPANSec

Réserver

29/03/2026

Divulgation

31/03/2026

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
354369	YVES Sereal::Encoder Compression Exécution de code à distance	1395	Non défini	Non défini	CVE-2024-14031

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

◂ PrécédentAperçuSuivant ▸

Might our Artificial Intelligence support you?

Check our Alexa App!