CVE-2017-20230

EUVD-2017-18967
Storable versions before 3.05 for Perl has a stack overflow.

The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
nwclarkstorable
𝑥
< 3.05
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
perl
suse enterprise server 12 SP3
5.18.2-12.32.1
fixed
suse enterprise server 12 SP5
5.18.2-12.32.1
fixed
perl-32bit
suse enterprise server 12 SP3
5.18.2-12.32.1
fixed
suse enterprise server 12 SP5
5.18.2-12.32.1
fixed
perl-base
suse enterprise server 12 SP3
5.18.2-12.32.1
fixed
suse enterprise server 12 SP5
5.18.2-12.32.1
fixed
perl-doc
suse enterprise server 12 SP3
5.18.2-12.32.1
fixed
suse enterprise server 12 SP5
5.18.2-12.32.1
fixed
Common Weakness Enumeration
References
https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch
https://github.com/Perl/perl5/issues/15831
https://metacpan.org/release/RURBAN/Storable-3.05/changes
https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html
https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html
http://www.openwall.com/lists/oss-security/2026/04/21/5