CVE-2026-57433 in Storableinformação

Sumário

de MITRE • 13/07/2026

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record.

retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value.

A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsável

CPANSec

Reservar

24/06/2026

Divulgação

13/07/2026

Moderação

aceite

Entrada

VDB-378120

CPE

pronto

EPSS

0.00000

KEV

não

Atividades

baixo

Fontes

Do you want to use VulDB in your project?

Use the official API to access entries easily!