CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-14030

Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Decoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.6%

CVSS Severity

CVSS v3 Score 8.1

References

https://github.com/advisories/GHSA-w77f-wv46-4vcx
https://metacpan.org/release/YVES/Sereal-Decoder-4.010/changes
https://www.cve.org/CVERecord?id=CVE-2019-11922

Products affected by CVE-2024-14030

Yves » Sereal: » Version: Any

cpe:2.3:a:yves:sereal:

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-14030

Products

Pricing

Contact Us