PT-2026-57824 · Storable · Storable
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-57433
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Storable versions prior to 3.41
Description
A signed integer overflow occurs during the deserialization of a specially crafted SX HOOK record. The function
retrieve hook common() reads a signed 32-bit item count and passes it to av extend() after adding one. If the count is set to I32 MAX, the addition wraps to a negative value. When a crafted blob is processed by thaw() or retrieve(), this overflow causes av extend() to receive a negative count, resulting in a panic that terminates the deserialization process.Recommendations
Update to version 3.41 or later.
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Storable