CVE-2024-14031
Last modified
CVE-2024-14031 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Yves | Sereal\ | >= 4.000, < 4.010 | Encoder |
References
- https://github.com/advisories/GHSA-w77f-wv46-4vcxNot Applicable
- https://www.cve.org/CVERecord?id=CVE-2019-11922Not Applicable
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-14031?
How severe is CVE-2024-14031?
How do I fix CVE-2024-14031?
Are you affected by CVE-2024-14031?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST