CVE-2026-57433
Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record
CVSS Score
9.8
EPSS Score
0.2%
EPSS Percentile
7th
Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record. retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value. A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.
| CWE | CWE-190 |
| Vendor | haarg |
| Product | storable |
| Published | Jul 13, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for haarg storable
Be the first to know when new critical vulnerabilities affecting haarg storable are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
HAARG / Storable
0 < 3.41