CVE-2024-14030
Last modified
CVE-2024-14030 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Decoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Decoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Yves | Sereal\ | >= 4.000, < 4.010 | Decoder |
References
- https://github.com/advisories/GHSA-w77f-wv46-4vcxNot Applicable
- https://www.cve.org/CVERecord?id=CVE-2019-11922Not Applicable
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-14030?
How severe is CVE-2024-14030?
How do I fix CVE-2024-14030?
Are you affected by CVE-2024-14030?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST