Vulnerability Details CVE-2026-57433
Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record.
retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count plus one. A count of I32_MAX wraps the addition to a negative value.
A crafted blob passed to thaw or retrieve triggers the overflow; av_extend receives the negative count and dies with a panic, terminating the deserialization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 7.1%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-57433
-
cpe:2.3:a:nwclark:storable:1.0.1
-
cpe:2.3:a:nwclark:storable:1.0.10
-
cpe:2.3:a:nwclark:storable:1.0.2
-
cpe:2.3:a:nwclark:storable:1.0.3
-
cpe:2.3:a:nwclark:storable:1.0.4
-
cpe:2.3:a:nwclark:storable:1.0.5
-
cpe:2.3:a:nwclark:storable:1.0.6
-
cpe:2.3:a:nwclark:storable:1.0.8
-
cpe:2.3:a:nwclark:storable:2.0
-
cpe:2.3:a:nwclark:storable:2.01
-
cpe:2.3:a:nwclark:storable:2.02
-
cpe:2.3:a:nwclark:storable:2.03
-
cpe:2.3:a:nwclark:storable:2.04
-
cpe:2.3:a:nwclark:storable:2.05
-
cpe:2.3:a:nwclark:storable:2.06
-
cpe:2.3:a:nwclark:storable:2.07
-
cpe:2.3:a:nwclark:storable:2.08
-
cpe:2.3:a:nwclark:storable:2.09
-
cpe:2.3:a:nwclark:storable:2.10
-
cpe:2.3:a:nwclark:storable:2.11
-
cpe:2.3:a:nwclark:storable:2.12
-
cpe:2.3:a:nwclark:storable:2.13
-
cpe:2.3:a:nwclark:storable:2.14
-
cpe:2.3:a:nwclark:storable:2.15
-
cpe:2.3:a:nwclark:storable:2.16
-
cpe:2.3:a:nwclark:storable:2.17
-
cpe:2.3:a:nwclark:storable:2.18
-
cpe:2.3:a:nwclark:storable:2.19
-
cpe:2.3:a:nwclark:storable:2.20
-
cpe:2.3:a:nwclark:storable:2.21
-
cpe:2.3:a:nwclark:storable:2.23
-
cpe:2.3:a:nwclark:storable:2.24
-
cpe:2.3:a:nwclark:storable:2.25
-
cpe:2.3:a:nwclark:storable:2.29
-
cpe:2.3:a:nwclark:storable:2.39
-
cpe:2.3:a:nwclark:storable:2.45
-
cpe:2.3:a:nwclark:storable:2.51
-
cpe:2.3:a:nwclark:storable:2.65
-
cpe:2.3:a:nwclark:storable:3.00c
-
cpe:2.3:a:nwclark:storable:3.01c
-
cpe:2.3:a:nwclark:storable:3.02c
-
cpe:2.3:a:nwclark:storable:3.03c
-
cpe:2.3:a:nwclark:storable:3.04c
-
cpe:2.3:a:nwclark:storable:3.05
-
cpe:2.3:a:nwclark:storable:3.05_01
-
cpe:2.3:a:nwclark:storable:3.05_02
-
cpe:2.3:a:nwclark:storable:3.05_03
-
cpe:2.3:a:nwclark:storable:3.05_04
-
cpe:2.3:a:nwclark:storable:3.05_05
-
cpe:2.3:a:nwclark:storable:3.05_06
-
cpe:2.3:a:nwclark:storable:3.05_07
-
cpe:2.3:a:nwclark:storable:3.05_08
-
cpe:2.3:a:nwclark:storable:3.05_09
-
cpe:2.3:a:nwclark:storable:3.05_10
-
cpe:2.3:a:nwclark:storable:3.05_11
-
cpe:2.3:a:nwclark:storable:3.05_12
-
cpe:2.3:a:nwclark:storable:3.05_13
-
cpe:2.3:a:nwclark:storable:3.06
-
cpe:2.3:a:nwclark:storable:3.08
-
cpe:2.3:a:nwclark:storable:3.09
-
cpe:2.3:a:nwclark:storable:3.10