PT-2026-29222 · Zstandard+1 · Zstandard+1
Published: 2026-03-31 · Updated: 2026-04-02 · CVE-2024-14030
CVSS v3.1: 8.1 High
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sereal::Decoder versions 4.000 through 4.009 002
Description
Sereal::Decoder for Perl embeds a vulnerable version of the Zstandard (zstd) library. A race condition exists in the one-pass compression functions of Zstandard prior to version 1.3.8, potentially allowing an attacker to write bytes out of bounds when using an output buffer smaller than the recommended size.
Recommendations
Update Sereal::Decoder to a version newer than 4.009 002.
Fix
Memory Corruption
Affected Products
Sereal::Decoder
Zstandard