CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow

Q: What is the severity of CVE-2017-20230?

CVE-2017-20230 is considered a critical vulnerability due to the potential for remote code execution resulting from the stack overflow.

Q: How do I fix CVE-2017-20230?

To fix CVE-2017-20230, upgrade to Storable version 3.05 or later.

Q: What is the impact of CVE-2017-20230 on affected software?

The impact of CVE-2017-20230 includes the potential for an attacker to exploit a stack overflow, leading to arbitrary code execution on the affected system.

Q: Which versions of Storable are affected by CVE-2017-20230?

CVE-2017-20230 affects all Storable versions prior to 3.05.

Q: What is the cause of CVE-2017-20230?

CVE-2017-20230 is caused by the retrieve_hook function's mishandling of the class name length as a signed integer during read operations.

Published Apr 21, 2026

Updated

Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.

Affected Software

2 affected components

cpan/Storable<3.05

Nwclark Storable Perl<3.05

Remediation

Information

Upgrade to Storable version 3.05 or newer.

Patch Available

https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch

Event History

Apr 21, 2026

CVE Published

via MITRE·03:26 PM

Data Sourced

via MITRE·03:26 PM

RemedyDescriptionWeakness

Data Sourced

via NVD·04:16 PM

RemedyDescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2017-20230?

CVE-2017-20230 is considered a critical vulnerability due to the potential for remote code execution resulting from the stack overflow.

How do I fix CVE-2017-20230?

To fix CVE-2017-20230, upgrade to Storable version 3.05 or later.

What is the impact of CVE-2017-20230 on affected software?

The impact of CVE-2017-20230 includes the potential for an attacker to exploit a stack overflow, leading to arbitrary code execution on the affected system.

Which versions of Storable are affected by CVE-2017-20230?

CVE-2017-20230 affects all Storable versions prior to 3.05.

What is the cause of CVE-2017-20230?

CVE-2017-20230 is caused by the retrieve_hook function's mishandling of the class name length as a signed integer during read operations.

CVSS Score

10.0Critical

Critical Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Security Metrics

Risk Score93

Severitycritical(10)

CWE

121

Timeline

PublishedApr 21, 2026

Updated

References

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.