PT-2026-57824 · Storable · Storable

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-57433

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Storable versions prior to 3.41
Description A signed integer overflow occurs during the deserialization of a specially crafted SX HOOK record. The function retrieve hook common() reads a signed 32-bit item count and passes it to av extend() after adding one. If the count is set to I32 MAX, the addition wraps to a negative value. When a crafted blob is processed by thaw() or retrieve(), this overflow causes av extend() to receive a negative count, resulting in a panic that terminates the deserialization process.
Recommendations Update to version 3.41 or later.

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-57433

Affected Products

Storable