Fluid Attacks Database

Description

Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	perl-Storable	-	-
debian 11	perl	>=0 <5.28.0-3	5.28.0-3
debian 12	perl	>=0 <5.28.0-3	5.28.0-3
debian 13	perl	>=0 <5.28.0-3	5.28.0-3
debian 14	perl	>=0 <5.28.0-3	5.28.0-3

Aliases

1. CVE-2017-202302. NVD-2017-202303. OSV-2017-202304. OSV-DEBIAN-2017-202305. SECURITY-TRACKER-CVE-2017-20230

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.