CVE-2024-14031

Sereal::Encoder versions from 4.000 through 4.009 002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library.

Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.