NULL Pointer Dereference in DBI Module for Perl by DBD::File
CVE-2019-20919

4.7MEDIUM

Key Information:

Vendor

Perl

Status
Dbi
Vendor
CVE Published:
17 September 2020

What is CVE-2019-20919?

An issue in the DBI module before version 1.643 for Perl was identified where a NULL pointer dereference can occur. The issue stems from the hv_fetch() function, which is supposed to check for NULL values. However, subsequent calls to SvOK(profile) do not correctly handle cases where a NULL pointer is present, potentially leading to application crashes and instability.

References

https://metacpan.org/pod/distribution/DBI/Changes#Changes...
x_refsource_MISC
https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f62...
x_refsource_MISC
https://usn.ubuntu.com/4534-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.