Robert Rothenberg <[email protected]> writes:

> ========================================================================
> CVE-2017-20230                                       CPAN Security Group
> ========================================================================
>
>         CVE ID:  CVE-2017-20230
>   Distribution:  Storable
>       Versions:  before 3.05
>
>       MetaCPAN:  https://metacpan.org/dist/Storable
>       VCS Repo:  https://github.com/Perl/perl5/
>
>
> Storable versions before 3.05 for Perl has a stack overflow
>
> Description
> -----------
> Storable versions before 3.05 for Perl has a stack overflow.
>
> The retrieve_hook function stored the length of the class name into a
> signed integer but in read operations treated the length as unsigned.
> This allowed an attacker to craft data that could trigger the overflow.

I'm always suspicious by default of anything involving serialisation.
The perldoc for Storable [0] says:

> Do not accept Storable documents from untrusted sources! There is no
> way to configure Storable so that it can be used safely to process untrusted
> data.

and later (between much other omitted text):

> With the default setting of $Storable::flags = 6, creating or
> destroying random objects, even renamed objects can be controlled by
> an attacker.
> See CVE-2015-1592 and its metasploit module.

Is this vulnerability valid in light of that?

Thanks.

[0] https://perldoc.perl.org/Storable#SECURITY-WARNING

> [...]

sam
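
The signed/unsigned length mismatch described in the quoted advisory, as an added C example that is not part of the original message and is not Storable's source code. The record layout (4-byte big-endian length followed by the class name), the buffer size and all function names are assumptions made for illustration; the flawed function only reports the count a read would be asked for and performs no copy.

```c
/* Added illustration of the bug class; NOT Storable's source code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 256 /* constructed buffer size, not Storable's */

/* Constructed inputs: 4-byte big-endian length, then the class name. */
const unsigned char SAMPLE_OK[]  = {0, 0, 0, 3, 'F', 'o', 'o'};
const unsigned char SAMPLE_NEG[] = {0xff, 0xff, 0xff, 0xff, 'F', 'o', 'o'};
char demo_out[NAME_BUF];
size_t demo_count;

static uint32_t wire_len(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: the length lives in a signed int, so the bounds check is a
 * signed compare and a negative value passes it; the read then takes the same
 * value as an unsigned count. Only reports the count, performs no copy. */
int flawed_accepts(const unsigned char *hdr, size_t *count) {
    int32_t len = (int32_t)wire_len(hdr);
    if (len > NAME_BUF - 1) return 0;
    *count = (size_t)len; /* -1 becomes SIZE_MAX */
    return 1;
}

/* Hardened: length stays unsigned and is bounded by both the destination
 * buffer and the bytes actually present. Returns name length, or -1. */
long read_class_name(const unsigned char *in, size_t in_len, char out[NAME_BUF]) {
    if (in_len < 4) return -1;
    uint32_t len = wire_len(in);
    if (len > (uint32_t)(NAME_BUF - 1) || len > in_len - 4) return -1;
    memcpy(out, in + 4, len);
    out[len] = '\0';
    return (long)len;
}

int main(void) {
    if (flawed_accepts(SAMPLE_NEG, &demo_count))
        printf("flawed check passes, read count = %zu\n", demo_count);
    printf("hardened: %ld\n", read_class_name(SAMPLE_NEG, sizeof SAMPLE_NEG, demo_out));
    printf("hardened: %ld\n", read_class_name(SAMPLE_OK, sizeof SAMPLE_OK, demo_out));
    return 0;
}
```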
