CVE-2024-14031

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-14031
Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/advisories/GHSA-w77f-wv46-4vcx Not Applicable
https://metacpan.org/release/YVES/Sereal-Encoder-4.010/changes Release Notes
https://www.cve.org/CVERecord?id=CVE-2019-11922 Not Applicable
Configurations

Configuration 1 (hide)

cpe:2.3:a:yves:sereal\:\:encoder:*:*:*:*:*:perl:*:*
History

13 Apr 2026, 12:53

Type Values Removed Values Added
First Time Yves
Yves sereal\
CWE CWE-787
CPE cpe:2.3:a:yves:sereal\:\:encoder:*:*:*:*:*:perl:*:*
References () https://github.com/advisories/GHSA-w77f-wv46-4vcx - () https://github.com/advisories/GHSA-w77f-wv46-4vcx - Not Applicable
References () https://metacpan.org/release/YVES/Sereal-Encoder-4.010/changes - () https://metacpan.org/release/YVES/Sereal-Encoder-4.010/changes - Release Notes
References () https://www.cve.org/CVERecord?id=CVE-2019-11922 - () https://www.cve.org/CVERecord?id=CVE-2019-11922 - Not Applicable

01 Apr 2026, 17:16

Type Values Removed Values Added
Summary (en) Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library. Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. (en) Sereal::Encoder versions from 4.000 through 4.009_002 for Perl embeds a vulnerable version of the Zstandard library. Sereal::Encoder embeds a version of the Zstandard (zstd) library that is vulnerable to CVE-2019-11922. This is a race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

31 Mar 2026, 15:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1

31 Mar 2026, 12:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-31 12:16

Updated : 2026-04-13 12:53

NVD link : CVE-2024-14031

Mitre link : CVE-2024-14031

CVE.ORG link : CVE-2024-14031

JSON object : View

Products Affected

yves

  • sereal\
CWE
CWE-787

Out-of-bounds Write