{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright © Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-20230.json" } ], "title": "perl-Storable: Storable for Perl: Denial of service via stack overflow in retrieve_hook function", "tracking": { "current_release_date": "2026-04-23T14:47:34+00:00", "generator": { "date": "2026-04-23T14:47:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.7.5" } }, "id": "CVE-2017-20230", "initial_release_date": "2017-01-01T00:00:00+00:00", "revision_history": [ { "date": "2017-01-01T00:00:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2026-04-23T11:12:54+00:00", "number": "2", "summary": "Current version" }, { "date": "2026-04-23T14:47:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 10", "product": { "name": "Red Hat Enterprise Linux 10", "product_id": "red_hat_enterprise_linux_10", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:10" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux 10" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "red_hat_enterprise_linux_7", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux 7" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 8", "product": { "name": "Red Hat Enterprise Linux 8", "product_id": "red_hat_enterprise_linux_8", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux 8" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 9", "product": { "name": "Red Hat Enterprise Linux 9", "product_id": "red_hat_enterprise_linux_9", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:9" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux 9" }, { "branches": [ { "category": "product_name", "name": "Red Hat Hardened Images", "product": { "name": "Red Hat Hardened Images", "product_id": "Red Hat Hardened Images", "product_identification_helper": { "cpe": "cpe:/a:redhat:hummingbird:1" } } } ], "category": "product_family", "name": "Red Hat Hardened Images" }, { "category": "product_version", "name": "perl-Storable.src", "product": { "name": "perl-Storable.src", "product_id": "perl-Storable.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Storable?arch=src" } } }, { "category": "product_version", "name": "perl-Storable::perl:5.32", "product": { "name": "perl-Storable (perl:5.32)", "product_id": "perl-Storable::perl:5.32", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Storable?rpmmod=perl:5.32" } } }, { "category": "product_version", "name": "perl-Storable.src::perl:5.32", "product": { "name": "perl-Storable.src (perl:5.32)", "product_id": "perl-Storable.src::perl:5.32", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Storable?arch=src&rpmmod=perl:5.32" } } }, { "category": "product_version", "name": "perl-Storable", "product": { "name": "perl-Storable", "product_id": "perl-Storable", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Storable" } } }, { "branches": [ { "category": "product_version", "name": "perl-storable-main@aarch64", "product": { "name": "perl-storable-main@aarch64", "product_id": "perl-storable-main@aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Storable@3.37-522.1.hum1?arch=aarch64&distro=hummingbird-20251124&repository_id=public-hummingbird-aarch64-rpms" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "perl-storable-main@src", "product": { "name": "perl-storable-main@src", "product_id": "perl-storable-main@src", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Storable@3.37-522.1.hum1?arch=src&distro=hummingbird-20251124&repository_id=public-hummingbird-source-rpms" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "perl-storable-main@x86_64", "product": { "name": "perl-storable-main@x86_64", "product_id": "perl-storable-main@x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Storable@3.37-522.1.hum1?arch=x86_64&distro=hummingbird-20251124&repository_id=public-hummingbird-x86_64-rpms" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "perl-storable-main@aarch64 as a component of Red Hat Hardened Images", "product_id": "Red Hat Hardened Images:perl-storable-main@aarch64" }, "product_reference": "perl-storable-main@aarch64", "relates_to_product_reference": "Red Hat Hardened Images" }, { "category": "default_component_of", "full_product_name": { "name": "perl-storable-main@src as a component of Red Hat Hardened Images", "product_id": "Red Hat Hardened Images:perl-storable-main@src" }, "product_reference": "perl-storable-main@src", "relates_to_product_reference": "Red Hat Hardened Images" }, { "category": "default_component_of", "full_product_name": { "name": "perl-storable-main@x86_64 as a component of Red Hat Hardened Images", "product_id": "Red Hat Hardened Images:perl-storable-main@x86_64" }, "product_reference": "perl-storable-main@x86_64", "relates_to_product_reference": "Red Hat Hardened Images" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Storable.src as a component of Red Hat Enterprise Linux 10", "product_id": "red_hat_enterprise_linux_10:perl-Storable.src" }, "product_reference": "perl-Storable.src", "relates_to_product_reference": "red_hat_enterprise_linux_10" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Storable.src as a component of Red Hat Enterprise Linux 7", "product_id": "red_hat_enterprise_linux_7:perl-Storable.src" }, "product_reference": "perl-Storable.src", "relates_to_product_reference": "red_hat_enterprise_linux_7" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Storable as a component of Red Hat Enterprise Linux 8", "product_id": "red_hat_enterprise_linux_8:perl-Storable" }, "product_reference": "perl-Storable", "relates_to_product_reference": "red_hat_enterprise_linux_8" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Storable.src as a component of Red Hat Enterprise Linux 8", "product_id": "red_hat_enterprise_linux_8:perl-Storable.src" }, "product_reference": "perl-Storable.src", "relates_to_product_reference": "red_hat_enterprise_linux_8" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Storable.src (perl:5.32) as a component of Red Hat Enterprise Linux 8", "product_id": "red_hat_enterprise_linux_8:perl-Storable.src::perl:5.32" }, "product_reference": "perl-Storable.src::perl:5.32", "relates_to_product_reference": "red_hat_enterprise_linux_8" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Storable (perl:5.32) as a component of Red Hat Enterprise Linux 8", "product_id": "red_hat_enterprise_linux_8:perl-Storable::perl:5.32" }, "product_reference": "perl-Storable::perl:5.32", "relates_to_product_reference": "red_hat_enterprise_linux_8" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Storable.src as a component of Red Hat Enterprise Linux 9", "product_id": "red_hat_enterprise_linux_9:perl-Storable.src" }, "product_reference": "perl-Storable.src", "relates_to_product_reference": "red_hat_enterprise_linux_9" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-20230", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2026-04-21T16:00:58.706136+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "red_hat_enterprise_linux_10:perl-Storable.src", "red_hat_enterprise_linux_8:perl-Storable", "red_hat_enterprise_linux_8:perl-Storable.src", "red_hat_enterprise_linux_8:perl-Storable.src::perl:5.32", "red_hat_enterprise_linux_8:perl-Storable::perl:5.32", "red_hat_enterprise_linux_9:perl-Storable.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2460147" } ], "notes": [ { "category": "description", "text": "A flaw was found in Storable for Perl. A remote attacker can exploit a vulnerability in the `retrieve_hook` function by crafting malicious data. This flaw occurs because the function incorrectly handles the length of class names, storing it as a signed integer but processing it as unsigned during read operations. Successful exploitation leads to a stack overflow, which can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "perl-Storable: Storable for Perl: Denial of service via stack overflow in retrieve_hook function", "title": "Vulnerability summary" }, { "category": "other", "text": "This is an Moderate denial of service flaw in perl-Storable. The vulnerability arises from incorrect handling of class name lengths during deserialization, which can lead to a stack overflow when processing specially crafted data. To exploit this vulnerability the attacker needs to trick the user to use a maliciously crafted data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Hardened Images:perl-storable-main@aarch64", "Red Hat Hardened Images:perl-storable-main@src", "Red Hat Hardened Images:perl-storable-main@x86_64" ], "known_affected": [ "red_hat_enterprise_linux_7:perl-Storable.src" ], "known_not_affected": [ "red_hat_enterprise_linux_10:perl-Storable.src", "red_hat_enterprise_linux_8:perl-Storable", "red_hat_enterprise_linux_8:perl-Storable.src", "red_hat_enterprise_linux_8:perl-Storable.src::perl:5.32", "red_hat_enterprise_linux_8:perl-Storable::perl:5.32", "red_hat_enterprise_linux_9:perl-Storable.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-20230" }, { "category": "external", "summary": "RHBZ#2460147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460147" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-20230", "url": "https://www.cve.org/CVERecord?id=CVE-2017-20230" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-20230", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-20230" }, { "category": "external", "summary": "https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch", "url": "https://github.com/Perl/perl5/commit/a258c17c6937f79529c8319a829310e09cdbd216.patch" }, { "category": "external", "summary": "https://github.com/Perl/perl5/issues/15831", "url": "https://github.com/Perl/perl5/issues/15831" }, { "category": "external", "summary": "https://metacpan.org/release/RURBAN/Storable-3.05/changes", "url": "https://metacpan.org/release/RURBAN/Storable-3.05/changes" }, { "category": "external", "summary": "https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html", "url": "https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242533.html" }, { "category": "external", "summary": "https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html", "url": "https://www.nntp.perl.org/group/perl.perl5.porters/2017/01/msg242703.html" } ], "release_date": "2026-04-21T15:26:18.216000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2026-04-10T22:29:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids": [ "Red Hat Hardened Images:perl-storable-main@aarch64", "Red Hat Hardened Images:perl-storable-main@src", "Red Hat Hardened Images:perl-storable-main@x86_64" ], "url": "https://access.redhat.com/errata/RHSA-2026:7578" }, { "category": "none_available", "details": "Fix deferred", "product_ids": [ "red_hat_enterprise_linux_7:perl-Storable.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Hardened Images:perl-storable-main@aarch64", "Red Hat Hardened Images:perl-storable-main@src", "Red Hat Hardened Images:perl-storable-main@x86_64", "red_hat_enterprise_linux_10:perl-Storable.src", "red_hat_enterprise_linux_7:perl-Storable.src", "red_hat_enterprise_linux_8:perl-Storable", "red_hat_enterprise_linux_8:perl-Storable.src", "red_hat_enterprise_linux_8:perl-Storable.src::perl:5.32", "red_hat_enterprise_linux_8:perl-Storable::perl:5.32", "red_hat_enterprise_linux_9:perl-Storable.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate", "product_ids": [ "Red Hat Hardened Images:perl-storable-main@aarch64", "Red Hat Hardened Images:perl-storable-main@src", "Red Hat Hardened Images:perl-storable-main@x86_64", "red_hat_enterprise_linux_10:perl-Storable.src", "red_hat_enterprise_linux_7:perl-Storable.src", "red_hat_enterprise_linux_8:perl-Storable", "red_hat_enterprise_linux_8:perl-Storable.src", "red_hat_enterprise_linux_8:perl-Storable.src::perl:5.32", "red_hat_enterprise_linux_8:perl-Storable::perl:5.32", "red_hat_enterprise_linux_9:perl-Storable.src" ] } ], "title": "perl-Storable: Storable for Perl: Denial of service via stack overflow in retrieve_hook function" } ] }