3 matches found
CVE-2026-57433
Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SXHOOK record. retrievehookcommon reads a signed 32-bit item count from an SXHOOK record and calls avextend with that count plus one. A count of I32MAX wraps the addition to a negative value. A...
CVE-2026-57433 Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record
Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SXHOOK record. retrievehookcommon reads a signed 32-bit item count from an SXHOOK record and calls avextend with that count plus one. A count of I32MAX wraps the addition to a negative value. A...
CVE-2026-57433
CVE-2026-57433 affects Perl’s Storable before 3.41. A signed 32-bit item count read from an SX_HOOK record is added to one and then fed to av_extend; when the count equals I32_MAX the addition overflows to negative, causing av_extend to panic during thaw/retrieve and terminate deserialization. Mu...