CVE-2017-20230

CRITICAL 10.0

Storable versions before 3.05 for Perl has a stack overflow

CVSS Score

10.0

EPSS Score

0.0%

EPSS Percentile

0th

Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.

CWE	CWE-121
Vendor	nwclark
Product	storable
Published	Apr 21, 2026
Last Updated	Apr 21, 2026

Stay Ahead of the Next One

Get instant alerts for nwclark storable

Be the first to know when new critical vulnerabilities affecting nwclark storable are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

NWCLARK / Storable

0 < 3.05

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Perl/perl5/issues/15831 github.com: https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch metacpan.org: https://metacpan.org/release/RURBAN/Storable-3.05/changes nntp.perl.org: https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html nntp.perl.org: https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html openwall.com: http://www.openwall.com/lists/oss-security/2026/04/21/5