CVE-2024-14030
Status: Received - Intake
Buffer Overflow in Sereal::Decoder's Zstandard Library Causes Memory Corruption

Publication date: 2026-03-31

Last updated on: 2026-04-13

Assigner: CPANSec

Description
Sereal::Decoder versions from 4.000 through 4.009_002 for Perl embed a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. That issue is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 that could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Affected Vendors & Products
One associated CPE:

Vendor: yves
Product: sereal
Version / Range: from 4.000 (inclusive) to 4.010 (exclusive)
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
Executive Summary

The vulnerability exists in Sereal::Decoder versions 4.000 through 4.009_002 for Perl, which embed a version of the Zstandard (zstd) library that is itself vulnerable to CVE-2019-11922.

The underlying flaw is a buffer overwrite caused by a race condition in the one-pass compression functions of Zstandard versions prior to 1.3.8.

The flaw is triggered when the one-pass compression functions are called with an output buffer smaller than the recommended size; in that case the library can write bytes outside the bounds of that buffer.

Impact Analysis

An out-of-bounds write of this kind (CWE-787) can cause unpredictable behavior such as application crashes or data corruption, and may potentially allow an attacker to execute arbitrary code.

The actual impact depends on how the vulnerable Sereal::Decoder is used in your environment and whether an attacker can supply crafted input that reaches the affected code path. Per the affected range above, versions from 4.010 onward are outside the vulnerable range.
