
Description

Storable versions before 3.05 for Perl have a stack-based buffer overflow. The retrieve_hook function stored the length of the class name in a signed integer, but the subsequent read operations treated that length as unsigned. The mismatch allowed an attacker to craft serialized data that triggers the overflow.
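As an added illustration (not Storable's code and not part of this record), the following C program reproduces the bug class the description names: a length parsed into a signed integer, bounds-checked as signed, then consumed as an unsigned size. The record layout (a 4-byte big-endian length followed by the name bytes), the buffer size NAME_BUF, the function names and the two sample records are all constructed for this example; Storable's real wire format and the internals of retrieve_hook are not shown here.

```c
/* Added example for the CVE-2017-20230 bug class. NOT Storable's code; the
 * record layout (4-byte big-endian length + name bytes), NAME_BUF, function
 * names and sample records are constructed for this demonstration.
 * Build: cc -std=c99 -Wall -Wextra demo.c */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_BUF 64   /* assumed size of the fixed stack buffer for the class name */

/* Big-endian 32-bit read (constructed wire format). */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern. The length is stored in an int32_t and the "fits in
 * the buffer" test is done on that signed value, so a wire length with the
 * top bit set (here 0xFFFFFFF0 == -16) passes the test and only becomes huge
 * when converted to size_t for the copy. To keep the demo safe, the memcpy is
 * skipped unless it really fits; the function reports whether the check
 * accepted the length and returns the byte count the copy would have used.
 * Real vulnerable code had no such guard and overran the stack buffer. */
size_t vuln_read_classname(const unsigned char *in, size_t inlen, int *accepted)
{
    char buf[NAME_BUF];
    int32_t len;
    size_t n;

    *accepted = 0;
    if (inlen < 4)
        return 0;
    len = (int32_t)be32(in);                 /* 0xFFFFFFF0 -> -16 */
    if (len > (int32_t)sizeof(buf) - 1)      /* -16 > 63 is false: negative passes */
        return 0;
    *accepted = 1;
    n = (size_t)len;                         /* -16 -> SIZE_MAX - 15 */
    if (n < sizeof(buf) && n <= inlen - 4) { /* demo-only guard, see above */
        memcpy(buf, in + 4, n);
        buf[n] = '\0';
    }
    return n;
}

/* Hardened reader: the length stays unsigned end to end and is checked both
 * against the output buffer (leaving room for the NUL) and against the bytes
 * actually left in the input. Returns the name length, or -1 on rejection. */
int read_classname_fixed(const unsigned char *in, size_t inlen,
                         char *out, size_t outsz)
{
    if (inlen < 4)
        return -1;
    uint32_t len = be32(in);
    if (len >= outsz)                         /* does not fit the buffer */
        return -1;
    if (len > inlen - 4)                      /* would read past the input */
        return -1;
    memcpy(out, in + 4, len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed sample records (not real Storable output). */
static const unsigned char BENIGN_REC[] = {
    0x00, 0x00, 0x00, 0x09, 'M', 'y', ':', ':', 'C', 'l', 'a', 's', 's' };
static const unsigned char EVIL_REC[] = {
    0xFF, 0xFF, 0xFF, 0xF0, 'A', 'A', 'A', 'A' };   /* length -16 as int32 */

/* Small entry points so the behaviour can be checked without a harness. */
int demo_vuln_accepts_evil(void)
{
    int acc;
    vuln_read_classname(EVIL_REC, sizeof EVIL_REC, &acc);
    return acc;                               /* 1: the signed check let it through */
}
int demo_vuln_copy_len_exceeds_buf(void)
{
    int acc;
    return vuln_read_classname(EVIL_REC, sizeof EVIL_REC, &acc) > NAME_BUF;
}
int demo_vuln_benign_len(void)
{
    int acc;
    return (int)vuln_read_classname(BENIGN_REC, sizeof BENIGN_REC, &acc);
}
int demo_fixed_evil(void)
{
    char out[NAME_BUF];
    return read_classname_fixed(EVIL_REC, sizeof EVIL_REC, out, sizeof out);
}
int demo_fixed_benign(void)
{
    char out[NAME_BUF];
    return read_classname_fixed(BENIGN_REC, sizeof BENIGN_REC, out, sizeof out);
}

int main(void)
{
    printf("vulnerable check accepts 0xFFFFFFF0: %d\n", demo_vuln_accepts_evil());
    printf("copy length would exceed NAME_BUF:   %d\n", demo_vuln_copy_len_exceeds_buf());
    printf("fixed reader on evil record:        %d\n", demo_fixed_evil());
    printf("fixed reader on benign record:      %d\n", demo_fixed_benign());
    return 0;
}
```

Note that `-Wsign-compare` does not catch the vulnerable comparison, because both operands are signed at that point; the conversion that makes the value huge happens later, at the call that takes a size_t. The hardened reader keeps the length unsigned from the moment it is parsed and also bounds it against the remaining input, which a reader that only checks the destination buffer would miss.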

State: PUBLISHED | Reserved 2026-03-28 | Published 2026-04-21 | Updated 2026-04-21 | Assigner: CPANSec

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status: unaffected

Any version before 3.05: affected

Timeline

2017-01-24: Perl bug RT#130635 reported.
2017-01-25: Patch committed.
2017-01-29: Storable version 3.05 released.
2018-02-20: Perl v5.27.9 released with Storable 3.06.
2018-10-06: Issue assigned CPANSA-Storable-2017-01 in the CPANSA distribution.

References

www.openwall.com/lists/oss-security/2026/04/21/5

github.com/Perl/perl5/issues/15831 issue-tracking

github.com/...a258c17c6937f79529c8319a829310e09cdbd216.patch patch

metacpan.org/release/RURBAN/Storable-3.05/changes release-notes

www.nntp.perl.org/...rl.perl5.porters/2017/01/msg242533.html mailing-list

www.nntp.perl.org/...rl.perl5.porters/2017/01/msg242703.html mailing-list

cve.org (CVE-2017-20230)

nvd.nist.gov (CVE-2017-20230)
