Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library

Description

Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

Affected Products

Vendor	Product	Versions
yves	sereal::encoder	4.000

References

https://github.com/advisories/GHSA-w77f-wv46-4vcx(vendor-advisory)
https://www.cve.org/CVERecord?id=CVE-2019-11922(vendor-advisory)
https://metacpan.org/release/YVES/Sereal-Encoder-4.010/changes(release-notes)

Related News (2 articles)

Tier C

oss-security5h ago

CVE-2024-14031: Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library

→ No new info (linked only)

Tier C

VulDB10h ago

CVE-2024-14031 | YVES Sereal::Encoder up to 4.009_002 on Perl Compression vulnerable third-party component (GHSA-w77f-wv46-4vcx)

→ No new info (linked only)

CVSS 3.18.1 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch availablehttps://github.com/advisories/GHSA-w77f-wv46-4vcx, https://www.cve.org/CVERecord?id=CVE-2019-11922

CWECWE-1395

PublishedMar 31, 2026

Last enriched10h agov2

Trending Score43

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History