========================================================================
CVE-2026-57433 CPAN Security Group
========================================================================
CVE ID: CVE-2026-57433
Distribution: Storable
Versions: before 3.41
MetaCPAN: https://metacpan.org/dist/Storable
VCS Repo: https://github.com/Perl/perl5
Storable versions before 3.41 for Perl have a signed integer overflow
when deserializing a crafted SX_HOOK record
Description
-----------
Storable versions before 3.41 for Perl have a signed integer overflow
when deserializing a crafted SX_HOOK record.
retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK
record and calls av_extend with that count plus one. A count of I32_MAX
wraps the addition to a negative value.
A crafted blob passed to thaw or retrieve triggers the overflow;
av_extend receives the negative count and dies with a panic,
terminating the deserialization.
Problem types
-------------
- CWE-190 Integer Overflow or Wraparound
Solutions
---------
Upgrade to Storable 3.41 or later.
References
----------
https://github.com/Perl/perl5/commit/e4f681784bcdeaa91ff02a2fa4cdcae5c46779d7.patch