Sereal

CVEs (1)

• CVE-2026-8796May 31, 2026
  Sereal

  Sereal
  risk 0.00cvss —epss —

  Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srl_decoder.c, srl_read_object() and srl_read_hash() process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target…