CVE-2017-20230NVD

Vulnerability Summary

Storable versions before 3.05 for Perl has a stack overflow.

The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.

Severity Level

CRITICAL(10.0)

Published Date

Apr 21, 2026

Last Modified

Apr 22, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.03%Probability

Root Weakness (CWE)

CWE-121: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch
https://github.com/Perl/perl5/issues/15831
https://metacpan.org/release/RURBAN/Storable-3.05/changes
https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html
https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html
http://www.openwall.com/lists/oss-security/2026/04/21/5

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2017-20230NVD

Vulnerability Summary

External References