Sereal::Encoder Buffer Overwrite Vulnerability Due to Embedded Zstandard Library Race Condition
Vulnerability
A buffer overwrite vulnerability has been identified in Sereal::Encoder versions 4.000 through 4.009_002 for Perl. Sereal::Encoder embeds a copy of the Zstandard (zstd) library for its optional Zstandard compression mode, and the embedded copy is older than zstd 1.3.8. Those zstd versions contain a race condition in the one-pass compression functions: when the caller supplies an output buffer smaller than the size the library recommends for the input (the bound returned by ZSTD_compressBound), the compressor can write bytes past the end of that buffer. An attacker who can influence the data being encoded with Zstandard compression can therefore trigger an out-of-bounds write.
Impact
Exploitation of this vulnerability results in an out-of-bounds write, which corrupts process memory. Depending on what is overwritten, this can crash the encoding process (denial of service) or potentially be leveraged for arbitrary code execution in the context of the Perl process using Sereal::Encoder.
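The following script, an added example that is not part of this advisory and not code from the Sereal project, shows how an operator can check whether the installed Sereal::Encoder falls inside the affected range and, if it does, build an encoder that uses zlib instead of the embedded Zstandard code path until the module is upgraded. The helper names encoder_is_affected and make_encoder are assumptions introduced here; the SRL_ZSTD and SRL_ZLIB constants and the compress option are Sereal::Encoder's own API.

```perl
#!/usr/bin/env perl
# Added example (not from the advisory or the Sereal project): check whether the
# installed Sereal::Encoder is in the affected range (4.000 .. 4.009_002) and,
# if so, avoid the Zstandard compression mode that reaches the embedded zstd code.
use strict;
use warnings;
use version;
use Sereal::Encoder qw(SRL_ZSTD SRL_ZLIB);

# Affected range, taken from the advisory text above.
my $AFFECTED_MIN = version->parse('4.000');
my $AFFECTED_MAX = version->parse('4.009_002');

# Hypothetical helper: returns 1 if the given Sereal::Encoder version string
# lies inside the affected range, 0 otherwise.
sub encoder_is_affected {
    my ($installed) = @_;            # e.g. $Sereal::Encoder::VERSION
    my $v = version->parse($installed);
    return ($v >= $AFFECTED_MIN && $v <= $AFFECTED_MAX) ? 1 : 0;
}

# Hypothetical helper: build an encoder. While the affected version is
# installed, select zlib so the vulnerable one-pass zstd path is never called.
sub make_encoder {
    my ($affected) = @_;
    my $compress = $affected ? SRL_ZLIB : SRL_ZSTD;
    return Sereal::Encoder->new({ compress => $compress });
}

my $installed = $Sereal::Encoder::VERSION;
my $affected  = encoder_is_affected($installed);
printf "Sereal::Encoder %s: %s\n", $installed,
    $affected ? "inside affected range, using SRL_ZLIB instead of SRL_ZSTD"
              : "outside affected range";

# Constructed sample payload, large enough to exercise the compressor.
my $enc  = make_encoder($affected);
my $blob = $enc->encode({ msg => 'x' x 4096, items => [ 1 .. 256 ] });
printf "encoded %d bytes\n", length $blob;
```

The version check is a convenience for inventory scripts; the authoritative fix is upgrading to a Sereal::Encoder release that embeds zstd 1.3.8 or later. Switching to SRL_ZLIB only sidesteps the affected code path and does not change the wire format family, so existing Sereal decoders continue to read the output.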
Added: Mar 31, 2026, 12:33 PM
Updated: Mar 31, 2026, 12:33 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 5.6
exploitability: 6.2
remediation: 0.0
relevance: 5.0
threat: 0.0
urgency: 2.9
incentive: 0.0
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
