Perl Storable Stack Overflow Vulnerability in Retrieve Hook Function

A stack overflow vulnerability has been identified in the Perl Storable module, specifically in versions prior to 3.05. The issue arises in the retrieve_hook function, where the length of the class name is stored as a signed integer. During read operations, this length is treated as unsigned, creating a mismatch that an attacker could exploit. By crafting data that takes advantage of this discrepancy, an attacker could trigger the overflow.

Impact

Exploitation of this vulnerability leads to a stack overflow, which can potentially be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by using a crafted payload that exploits the length handling in the retrieve_hook function. This can be done by creating a Storable file or buffer with a manipulated class name length that exceeds the expected limits, causing a stack overflow when the data is retrieved.

Remediation

Users should upgrade to Storable version 3.05 or later, where this vulnerability has been fixed.