CVE-2026-57433
Description
Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record.
retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value.
A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.
Metadata
Severity & Metrics
No CVSS data available.
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| HAARG | Storable | — | 0 < 3.41 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-190 | cna | CWE-190 Integer Overflow or Wraparound |