VYPR

Sereal

by Sereal::Encoder

Source repositories

CVEs (1)

  • CVE-2026-8796HigMay 31, 2026
    risk 0.46cvss 8.1epss 0.00

    Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srl_decoder.c, srl_read_object() and srl_read_hash() process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target…

VYPR — Vulnerability Intelligence