Back to overview

CVE-2026-57433

Description
Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record. retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value. A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.

Metadata

CVE ID
CVE-2026-57433
State
PUBLISHED
Assigner
CPANSec
Reserved
2026-06-24 13:09 UTC
Published
2026-07-13 15:37 UTC
Last updated
2026-07-13 19:30 UTC
Primary CWE
CWE-190
CWE-190 Integer Overflow or Wraparound
Vendor / Product
HAARG / Storable
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
HAARG Storable 0 < 3.41
Weakness (CWE)
CWESourceDescription
CWE-190 cna CWE-190 Integer Overflow or Wraparound
Back to overview