Stack Overflow Vulnerability in Storable for Perl by Perl
CVE-2017-20230

10CRITICAL

Key Information:

Vendor

Nwclark

Status
Storable
Vendor
CVE Published:
21 April 2026

What is CVE-2017-20230?

The Storable module for Perl, prior to version 3.05, is susceptible to a stack overflow vulnerability. This issue arises from the retrieve_hook function, where it improperly handles the class name length by storing it in a signed integer but treating it as unsigned during read operations. This discrepancy can be exploited by an attacker to craft malicious data, potentially triggering the overflow and leading to further malicious exploits or application instability. Users are recommended to update to the latest version to mitigate this risk.

Affected Version(s)

Storable 0 < 3.05

References

https://github.com/Perl/perl5/issues/15831
issue-tracking
https://github.com/Perl/perl5/commit/a258c17c6937f79529c8...
patch
https://metacpan.org/release/RURBAN/Storable-3.05/changes
release-notes

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.