Storable
Monthly
Denial-of-service in the Storable module for Perl (versions before 3.41) allows remote attackers to abort deserialization by supplying a crafted SX_HOOK record whose item count equals I32_MAX. The signed 32-bit count plus one wraps to a negative value, which av_extend rejects with a fatal panic, terminating any thaw() or retrieve() call on attacker-controlled data. No public exploit identified at time of analysis; despite the assigned CVSS of 9.8 (C:H/I:H/A:H), the documented outcome is a controlled abort rather than memory corruption or code execution.
Denial-of-service in the Storable module for Perl (versions before 3.41) allows remote attackers to abort deserialization by supplying a crafted SX_HOOK record whose item count equals I32_MAX. The signed 32-bit count plus one wraps to a negative value, which av_extend rejects with a fatal panic, terminating any thaw() or retrieve() call on attacker-controlled data. No public exploit identified at time of analysis; despite the assigned CVSS of 9.8 (C:H/I:H/A:H), the documented outcome is a controlled abort rather than memory corruption or code execution.