Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

CVE-2017-20230 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2017-20230

CVE-2017-20230

CRITICAL10.0

Storable versions before 3.05 for Perl has a stack overflow

Published Apr 21, 2026

Modified 1 weeks ago

Details

Storable versions before 3.05 for Perl has a stack overflow.

The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.

References

WEB

http://www.openwall.com/lists/oss-security/2026/04/21/5

FIX

https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch

WEB

https://github.com/Perl/perl5/issues/15831

WEB

https://metacpan.org/release/RURBAN/Storable-3.05/changes

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2017-20230

WEB

https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html

WEB

https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html

CVSS Analysis

CVSS v3.1

10.0

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

10/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weakness Type (CWE)

Other

CWE-121

Ecosystems

Timeline

PublishedApr 21, 2026

ModifiedApr 21, 2026