CVE-2024-14030

Sereal::Decoder for Perl versions 4.000–4.009_002 embeds Zstandard (zstd) prior to 1.3.8, which has a race-condition in one-pass compression that can cause a out-of-bounds write if the output buffer is undersized (CVE-2019-11922). Affected product: Sereal::Decoder (Perl); vulnerable component: em...