8.1

CVE-2024-14030

EPSS 0.05%
Veröffentlicht 31.03.2026 11:31:08
Zuletzt bearbeitet 13.04.2026 14:07:54
Quelle 9b29abf9-4ab0-4765-b253-1875cd
CVE-Watchlists
Login
Unerledigt
Login

Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library.

Sereal::Decoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922.  This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yves ≫ Sereal::decoder SwPlatformperl Version >= 4.000 < 4.010

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.166

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/advisories/GHSA-w77f-wv46-4vcx

Not Applicable

https://www.cve.org/CVERecord?id=CVE-2019-11922

Not Applicable

https://metacpan.org/release/YVES/Sereal-Decoder-4.010/changes

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2024-14030

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-14030

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-14030

EUVD