← Back

CVE-2024-14030

nvd nist
Published: Mar 31, 2026Modified: Apr 13, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Decoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

Affected (1)

Products: Yves: Sereal\
Yves
1 product
Sereal\
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Sereal\
From 4.000 to 4.010

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Not Applicable
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Release Notes
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Not Applicable

Timeline

No history available yet.