CVE-2026-8796

Published: Mag 31, 2026 Last Modified: Mag 31, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input.

In Perl/Decoder/srl_decoder.c, srl_read_object() and srl_read_hash() process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORT_BINARY pattern (an inline string whose length is encoded in the low bits of the tag), the resulting read is not bounded to precede the COPY tag's own offset and can run past the end of the input buffer. An attacker controlled COPY offset can land inside a previously decoded value rather than on a tag boundary, planting a byte that the decoder reads as a SHORT_BINARY tag and consuming up to 31 following bytes from the heap as a class name (OBJECT path) or hash key (HASH path).

125

Out-of-bounds Read

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Availability Other

Potential Impacts:

Read Memory Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Varies By Context

Applicable Platforms

Languages: Memory-Unsafe, C, C++

Technologies: ICS/OT

View CWE Details

https://github.com/Sereal/Sereal/commit/303a2c69cdba80bf37a…

https://github.com/Sereal/Sereal/commit/303a2c69cdba80bf37a3ff43461e0aa78198a7a…

https://metacpan.org/release/YVES/Sereal-Decoder-5.005/chan…

https://metacpan.org/release/YVES/Sereal-Decoder-5.005/changes

CVE-2026-8796

Description

Out-of-bounds Read

Common Consequences

Applicable Platforms

Iscriviti alla newsletter