Unrated severityNVD Advisory· Published Sep 30, 2014· Updated May 6, 2026

CVE-2014-4330

Description

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.

Affected products

Data Dumper Project/Data Dumper
cpe:2.3:a:data_dumper_project:data_dumper:*:*:*:*:*:*:*:*
Range: <=2.151
Perl Foundation/Perl
cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
Range: <=5.20.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.htmlnvdExploit
seclists.org/fulldisclosure/2014/Sep/84nvdExploit
seclists.org/oss-sec/2014/q3/692nvdExploit
www.lsexperts.de/advisories/lse-2014-06-10.txtnvdExploit
advisories.mageia.org/MGASA-2014-0406.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.htmlnvd
secunia.com/advisories/61441nvd
secunia.com/advisories/61961nvd
www.mandriva.com/security/advisoriesnvd
www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.htmlnvd
www.securityfocus.com/archive/1/533543/100/0/threadednvd
www.securityfocus.com/bid/70142nvd
www.ubuntu.com/usn/USN-2916-1nvd
exchange.xforce.ibmcloud.com/vulnerabilities/96216nvd
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
metacpan.org/pod/distribution/Data-Dumper/Changesnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000