Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library
Vulnerability Description
Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Decoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
CVSS Information
N/A
Vulnerability Type
CWE-1395
Vulnerability Title
Sereal::Decoder 安全漏洞
Vulnerability Description
Sereal::Decoder是YVES个人开发者的一个用于解析高性能二进制序列化数据格式的解码模块。 Sereal::Decoder 4.000至4.009_002版本存在安全漏洞,该漏洞源于Zstandard库存在缓冲区越界写入缺陷,可能导致攻击者写入越界字节。
CVSS Information
N/A
Vulnerability Type
N/A