External risk intelligence

Storable allows attackers to crash systems or take control.

CVE advisorySeverity: CRITICAL (CVSS 10.0)

CVE-2017-20230

An external attacker can submit malicious inputs to applications using the Perl Storable module to trigger memory errors. This allows them to run unauthorized code or crash the system, potentially resulting in full control over the host application or service interruptions.

3Halo Surface Signal

Nwclark Storable

before 3.05

External exposure likelihood

Halo Surface Signal score for CVE-2017-20230

The Storable module is a library component, not a standalone service. Its attack surface depends on whether an application uses it to process untrusted serialized data from the internet. While it can be exposed through such applications, the module itself is not a public-facing service by design, making internet-reachable exposure contingent on the host application's specific implementation.

Horizon Alert

Summary of the vulnerability and why it matters

A flaw in the Storable module for Perl could allow an attacker to cause a stack overflow by crafting malicious data. This can happen when the module reads data, as it misinterprets the length of class names, leading to unexpected behavior. Teams should pay attention because this could disrupt the normal functioning of applications using this module.

Can lead to denial of service.
Affects applications processing untrusted data.
Could enable attackers to crash systems.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this flaw by crafting malicious serialized data that is then deserialized by a Perl application using the Storable module. This could lead to a stack overflow, potentially allowing the attacker to execute arbitrary code with the privileges of the application.

Unauthenticated remote attackers.
Deserializing crafted data.
Storable module used by application.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability, a stack overflow in the Perl Storable module, could be attractive to attackers if applications deserialize untrusted data. Exploitation allows for significant control over affected systems, as evidenced by the critical CVSS score. However, widespread exploitation is likely limited to targeted attacks where an attacker can control the data being deserialized.

Stack overflow vulnerability.
Remote code execution potential.
Affects deserialization of untrusted data.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize detecting and blocking network traffic that attempts to exploit the Storable module's stack overflow vulnerability. If your applications use Storable to deserialize untrusted data, assume an elevated risk of exploitation and investigate affected systems immediately.

Update Storable to version 3.05 or later.
Monitor applications for unusual memory usage or crashes.
Isolate services processing untrusted serialized data.

Frequently asked questions

What is the Storable module used for in Perl?

The Storable module is a library component used in Perl applications. It allows developers to serialize and deserialize data structures, effectively saving and loading them. This is useful for tasks like saving application state or exchanging data between processes.

How does the Storable vulnerability (CVE-2017-20230) allow an attack?

This vulnerability is a stack overflow caused by a weakness in how Storable handles class name lengths when reading data. It incorrectly treats a signed integer as unsigned, allowing an attacker to craft data that overflows the stack, potentially disrupting the application.

What preconditions are needed for an attacker to exploit CVE-2017-20230?

An attacker needs to be able to provide crafted serialized data to a Perl application that uses the Storable module. The vulnerability is triggered when the application deserializes this malicious data. If the application does not process untrusted data with Storable, the bug will not be triggered.

Who should care about the Storable module vulnerability?

Organizations running Perl applications that use the Storable module to process data from potentially untrusted sources should be concerned. According to Halo Surface Signal, this vulnerability has a 'Possible' exposure because its internet-facing risk depends on whether applications deserialize untrusted data received from the internet.

What is the first step for running Storable technology?

The primary recommendation is to update the Storable module to version 3.05 or later. Additionally, monitoring applications that use Storable for unusual behavior like crashes or excessive memory usage is advised, especially if they handle external data.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.