Skip to main content

Red Hat CVE-2017-20230

| EUVDEUVD-2017-18967 CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-04-21 CPANSec
Critical
Disputed · 10.0 NVD
Share

Severity by source

Sources disagree (Low–Critical)
NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SUSE
3.1 LOW
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Red Hat
6.5 MEDIUM
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
CVSS changed
Apr 21, 2026 - 17:22 NVD
10.0 (CRITICAL)
EUVD ID Assigned
Apr 21, 2026 - 16:00 euvd
EUVD-2017-18967
Patch released
Apr 21, 2026 - 16:00 nvd
Patch available
CVE Published
Apr 21, 2026 - 15:26 nvd
CRITICAL 10.0

DescriptionCVE.org

Storable versions before 3.05 for Perl has a stack overflow.

The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.

AnalysisAI

Storable versions before 3.05 for Perl has a stack overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-121. Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow. Affected products include: Nwclark Storable. Version information: before 3.05.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
Image SLES12-SP5-GCE-On-Demand Affected
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Fixed
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP6-CHOST-BYOS Fixed

Share

CVE-2017-20230 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy