CVE-2017-20230
Severity CVSS v4.0:
Pending analysis
Type:
CWE-121
Stack-based Buffer Overflow
Publication date:
21/04/2026
Last modified:
22/04/2026
Description
Storable versions before 3.05 for Perl has a stack overflow.<br />
<br />
The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.
Impact
Base Score 3.x
10.00
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nwclark:storable:*:*:*:*:*:perl:*:* | 3.05 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch
- https://github.com/Perl/perl5/issues/15831
- https://metacpan.org/release/RURBAN/Storable-3.05/changes
- https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html
- https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html
- http://www.openwall.com/lists/oss-security/2026/04/21/5