CVE-2024-14031
Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embed a vulnerable version of the Zstandard library
| CVSS Score | 8.1 |
| EPSS Score | 0.0% |
| EPSS Percentile | 12th |
Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embed a vulnerable version of the Zstandard library. Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922, a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 that could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
| CWE | CWE-1395 |
| Vendor | yves |
| Product | sereal::encoder |
| Published | Mar 31, 2026 |
| Last Updated | Apr 1, 2026 |
Affected Versions
YVES / Sereal::Encoder
4.000 ≤ 4.009_002