retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value.
A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.
Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
Upgrade to Storable 3.41 or later.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 14 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Mon, 13 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record. retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value. A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization. | |
| Title | Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record | |
| Weaknesses | CWE-190 | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-07-14T13:36:37.394Z
Reserved: 2026-06-24T13:09:26.322Z
Link: CVE-2026-57433
Updated: 2026-07-14T13:36:20.698Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T08:30:04Z