Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.
The retrieve_hook function stores the length of the class name in a signed integer variable, but during the read operation treats this length as an unsigned value. The discrepancy between signed and unsigned interpretation allows an attacker to prepare specially crafted data that triggers a stack buffer overflow (stack overflow, CWE-121). Exploitation does not require authentication or user interaction.
An attacker can cause a stack overflow, potentially resulting in remote code execution (RCE), breach of data confidentiality and integrity, and system unavailability.
The Storable module should be updated to version 3.05 or later. A patch is available in the perl5 repository at the address indicated in the vendor references (commit a258c17c6937f79529c8319a829310e09cdbd216).
Nwclark Storable module in versions before 3.05 for the Perl language.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HNwclark Storable
APPNwclark< 3.05