Storable versions before 3.41 for Perl have a signed...
Critical severity
Unreviewed
Published
Jul 13, 2026
to the GitHub Advisory Database
•
Updated Jul 14, 2026
Description
Published by the National Vulnerability Database
Jul 13, 2026
Published to the GitHub Advisory Database
Jul 13, 2026
Last updated
Jul 14, 2026
Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record.
retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value.
A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.
References