Untrusted Pointer Dereference Flaw in Perl-DBI Product by Perl
CVE-2020-14392

5.5MEDIUM

Key Information:

Vendor: Perl
Status: Perl-dbi
Vendor: CVE Published:; 16 September 2020

Summary

An untrusted pointer dereference flaw was identified in Perl-DBI versions earlier than 1.643. This vulnerability can be exploited by a local attacker who manipulates calls to the dbd_db_login6_sv() function, potentially leading to memory corruption and impacting the availability of services leveraging the Perl-DBI interface.

Affected Version(s)

perl-dbi perl-DBI before version 1.643

References

https://bugzilla.redhat.com/show_bug.cgi?id=1877402

x_refsource_MISC

https://metacpan.org/pod/distribution/DBI/Changes#Changes...

x_refsource_MISC

https://usn.ubuntu.com/4503-1/

vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2020
Vulnerability Reserved
Jun 17, 2020

.

CVE-2020-14392 : Untrusted Pointer Dereference Flaw in Perl-DBI Product by Perl | SecurityVulnerability.io