Skip to main content

Storable CVE-2026-57433

CRITICAL
Integer Overflow or Wraparound (CWE-190)
2026-07-13 CPANSec
9.8
CVSS 3.1 · Vendor: CPANSec
Share

Severity by source

Vendor (CPANSec) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (CPANSec) · only source for this CVE.

CVSS VectorVendor: CPANSec

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Source Code Evidence Fetched
Jul 14, 2026 - 14:23 vuln.today
Analysis Generated
Jul 14, 2026 - 14:23 vuln.today
CVSS changed
Jul 14, 2026 - 14:22 NVD
9.8 (CRITICAL)
CVE Published
Jul 13, 2026 - 15:37 cve.org
CRITICAL 9.8
CVE Published
Jul 13, 2026 - 15:37 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record.

retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value.

A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.

AnalysisAI

Denial-of-service in the Storable module for Perl (versions before 3.41) allows remote attackers to abort deserialization by supplying a crafted SX_HOOK record whose item count equals I32_MAX. The signed 32-bit count plus one wraps to a negative value, which av_extend rejects with a fatal panic, terminating any thaw() or retrieve() call on attacker-controlled data. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours, audit all systems and applications using Perl's Storable module to identify those running versions before 3.41. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57433 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy