


Perceptive Security
SOC/SIEM Consultancy

Sereal::Encoder versions from 4.000 through 4.009_002 for Perl are vulnerable to a buffer overwrite flaw in the embedded Zstandard library.
Published:
30 March 2026 at 22:00:00
Alert date:
31 March 2026 at 17:08:47
Source:
nvd.nist.gov
Supply Chain & Dependencies, Web Technologies
Sereal::Encoder versions 4.000 through 4.009_002 for Perl contain a buffer overwrite vulnerability in the Zstandard compression library they embed. The flaw is linked to CVE-2019-11922, a race condition in Zstandard versions prior to 1.3.8 that affects the one-pass compression functions. It can be exploited to write bytes out of bounds when an output buffer smaller than the recommended size is used. This is a supply chain security issue: an older, vulnerable dependency bundled into a newer package carries its flaw into every release that embeds it.
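A version triage check for this advisory, added here as an example (it is not Perceptive's or the Sereal project's code): it normalises Perl decimal version strings, including the 4.009_002 developer-release form, and flags hosts whose installed Sereal::Encoder falls inside the affected range above. The host names and versions in the sample inventory are constructed.

```python
import re
from decimal import Decimal

# Affected range as stated in the advisory (inclusive on both ends).
AFFECTED_MIN = "4.000"
AFFECTED_MAX = "4.009_002"


def perl_decimal_version(v: str) -> Decimal:
    """Normalise a Perl decimal version string such as '4.009_002'.

    Perl treats the underscore in a decimal version as a developer-release
    marker; numerically the value is the string with the underscore removed
    (4.009_002 == 4.009002). Dotted-decimal forms ('v1.2.3') are rejected
    because Sereal::Encoder does not use them.
    """
    s = v.strip()
    if not re.fullmatch(r"\d+(\.\d+(_\d+)?)?", s):
        raise ValueError(f"unsupported Perl version string: {v!r}")
    return Decimal(s.replace("_", ""))


def is_affected(version: str) -> bool:
    """True if an installed Sereal::Encoder version lies in the advisory's range."""
    v = perl_decimal_version(version)
    return perl_decimal_version(AFFECTED_MIN) <= v <= perl_decimal_version(AFFECTED_MAX)


def triage(inventory: dict) -> dict:
    """Split a host -> Sereal::Encoder version inventory into affected and clear hosts."""
    result = {"affected": [], "clear": []}
    for host, ver in inventory.items():
        result["affected" if is_affected(ver) else "clear"].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory. In practice the version on each host comes from
    # something like: perl -MSereal::Encoder -e 'print $Sereal::Encoder::VERSION'
    sample = {"web01": "4.008", "web02": "4.009_002", "build01": "4.010", "legacy01": "3.015"}
    print(triage(sample))
```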
Affected products:
Sereal::Encoder
Zstandard library
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2024-14031
https://github.com/advisories/GHSA-w77f-wv46-4vcx
https://metacpan.org/release/YVES/Sereal-Encoder-4.010/changes
https://www.cve.org/CVERecord?id=CVE-2019-11922
This article was created with the assistance of AI technology by Perceptive.
