CVE-2017-20230 - Vulnerability Analysis
Critical | CVSS: 10.0 | Last Updated: April 21, 2026
Storable Perl - Buffer Overflow
Published: April 21, 2026 | Updated: April 21, 2026 | Remote Exploitable
Overview
Storable versions before 3.05 for Perl contain a buffer overflow caused by inconsistent signed and unsigned length handling in the retrieve_hook function, which lets attackers trigger a stack overflow via crafted data.
Severity & Score
Severity: Critical
CVSS Score: 10.0
Impact
Attackers can cause a stack overflow, potentially leading to denial of service or arbitrary code execution.
Mitigation
Update Storable to version 3.05 or later.
References
- https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html
- http://www.openwall.com/lists/oss-security/2026/04/21/5
- https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch
- https://github.com/Perl/perl5/issues/15831
- https://metacpan.org/release/RURBAN/Storable-3.05/changes
- https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html
Details
- CVE ID: CVE-2017-20230
- Severity: Critical
- CVSS Score: 10.0
- Type: buffer_overflow
- Status: unconfirmed
CWE
- CWE-121
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H