PT-2026-29223 · Zstandard+1
Published: 2026-03-31 · Updated: 2026-04-02
CVE-2024-14031
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sereal::Encoder versions 4.000 through 4.009 002
Description
Sereal::Encoder for Perl includes a vulnerable version of the Zstandard (zstd) library. A race condition exists in the one-pass compression functions of Zstandard versions prior to 1.3.8, potentially allowing an attacker to write bytes out of bounds when using an output buffer smaller than the recommended size.
Recommendations
Update Sereal::Encoder to a version that includes Zstandard 1.3.8 or later.
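One way to check whether a bundled copy of Zstandard predates the fixed release, as an added example that is not part of the original advisory or of Sereal's code: it reads the `ZSTD_VERSION_MAJOR`, `ZSTD_VERSION_MINOR` and `ZSTD_VERSION_RELEASE` macros from the text of a `zstd.h` and compares them numerically with 1.3.8. Where `zstd.h` sits inside a given distribution is an assumption left to the caller (pass the path on the command line), and the sample headers are constructed.

```python
import re
import sys

# First Zstandard release that the advisory names as fixed.
FIXED = (1, 3, 8)

# Matches the three version macros that zstd.h defines as plain integers.
_MACRO = re.compile(
    r"^[ \t]*#[ \t]*define[ \t]+ZSTD_VERSION_(MAJOR|MINOR|RELEASE)[ \t]+(\d+)\b",
    re.MULTILINE,
)


def zstd_version(header_text):
    """Return (major, minor, release) from zstd.h text, or None if a macro is missing."""
    found = {name: int(num) for name, num in _MACRO.findall(header_text)}
    try:
        return (found["MAJOR"], found["MINOR"], found["RELEASE"])
    except KeyError:
        return None


def assess(header_text):
    """Classify a bundled zstd.h as 'vulnerable', 'fixed' or 'unknown'."""
    version = zstd_version(header_text)
    if version is None:
        # Do not guess: an unreadable header needs manual review.
        return "unknown"
    # Tuple comparison is numeric per component, so 1.10.0 sorts after 1.3.8.
    return "vulnerable" if version < FIXED else "fixed"


# Constructed sample header fragments (not copied from any release).
SAMPLE_OLD = """
#define ZSTD_VERSION_MAJOR    1
#define ZSTD_VERSION_MINOR    3
#define ZSTD_VERSION_RELEASE  7
"""
SAMPLE_FIXED = SAMPLE_OLD.replace("RELEASE  7", "RELEASE  8")

if __name__ == "__main__":
    # Usage: python check_zstd.py path/to/zstd.h [more headers...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, assess(fh.read()))
```

A result of `unknown` means the macros were not found in that file, not that the copy is safe.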
Fix
Memory Corruption
Related Identifiers
Affected Products
Sereal::Encoder
Zstandard