Vulnerability Details CVE-2012-1151
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
- http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes
- http://rhn.redhat.com/errata/RHSA-2012-1116.html
- http://secunia.com/advisories/48307
- http://secunia.com/advisories/48319
- http://secunia.com/advisories/48824
- http://security.gentoo.org/glsa/glsa-201204-08.xml
- http://www.debian.org/security/2012/dsa-2431
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:112
- http://www.openwall.com/lists/oss-security/2012/03/09/6
- http://www.openwall.com/lists/oss-security/2012/03/10/4
- https://bugzilla.redhat.com/show_bug.cgi?id=801733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73854
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73855
- https://rt.cpan.org/Public/Bug/Display.html?id=75642
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
- http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes
- http://rhn.redhat.com/errata/RHSA-2012-1116.html
- http://secunia.com/advisories/48307
- http://secunia.com/advisories/48319
- http://secunia.com/advisories/48824
- http://security.gentoo.org/glsa/glsa-201204-08.xml
- http://www.debian.org/security/2012/dsa-2431
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:112
- http://www.openwall.com/lists/oss-security/2012/03/09/6
- http://www.openwall.com/lists/oss-security/2012/03/10/4
- https://bugzilla.redhat.com/show_bug.cgi?id=801733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73854
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73855
- https://rt.cpan.org/Public/Bug/Display.html?id=75642
Products affected by CVE-2012-1151
-
cpe:2.3:a:perl:perl:-
-
cpe:2.3:a:perl:perl:0.1
-
cpe:2.3:a:perl:perl:0.2
-
cpe:2.3:a:perl:perl:0.3
-
cpe:2.3:a:perl:perl:0.4
-
cpe:2.3:a:perl:perl:0.5
-
cpe:2.3:a:perl:perl:0.52
-
cpe:2.3:a:perl:perl:0.61
-
cpe:2.3:a:perl:perl:0.62
-
cpe:2.3:a:perl:perl:0.63
-
cpe:2.3:a:perl:perl:0.64
-
cpe:2.3:a:perl:perl:0.65
-
cpe:2.3:a:perl:perl:0.66
-
cpe:2.3:a:perl:perl:0.67
-
cpe:2.3:a:perl:perl:0.68
-
cpe:2.3:a:perl:perl:0.69
-
cpe:2.3:a:perl:perl:0.70
-
cpe:2.3:a:perl:perl:0.71
-
cpe:2.3:a:perl:perl:0.72
-
cpe:2.3:a:perl:perl:0.73
-
cpe:2.3:a:perl:perl:0.80
-
cpe:2.3:a:perl:perl:0.81
-
cpe:2.3:a:perl:perl:0.82
-
cpe:2.3:a:perl:perl:0.83
-
cpe:2.3:a:perl:perl:0.84
-
cpe:2.3:a:perl:perl:0.85
-
cpe:2.3:a:perl:perl:0.86
-
cpe:2.3:a:perl:perl:0.87
-
cpe:2.3:a:perl:perl:0.88
-
cpe:2.3:a:perl:perl:0.89
-
cpe:2.3:a:perl:perl:0.90
-
cpe:2.3:a:perl:perl:0.91
-
cpe:2.3:a:perl:perl:0.92
-
cpe:2.3:a:perl:perl:0.93
-
cpe:2.3:a:perl:perl:0.94
-
cpe:2.3:a:perl:perl:0.95
-
cpe:2.3:a:perl:perl:0.96
-
cpe:2.3:a:perl:perl:0.97
-
cpe:2.3:a:perl:perl:0.98
-
cpe:2.3:a:perl:perl:0.99
-
cpe:2.3:a:perl:perl:1.0.15
-
cpe:2.3:a:perl:perl:1.0.16
-
cpe:2.3:a:perl:perl:1.00
-
cpe:2.3:a:perl:perl:1.01
-
cpe:2.3:a:perl:perl:1.20
-
cpe:2.3:a:perl:perl:1.21
-
cpe:2.3:a:perl:perl:1.22
-
cpe:2.3:a:perl:perl:1.31
-
cpe:2.3:a:perl:perl:1.32
-
cpe:2.3:a:perl:perl:1.40
-
cpe:2.3:a:perl:perl:1.41
-
cpe:2.3:a:perl:perl:1.42
-
cpe:2.3:a:perl:perl:1.43
-
cpe:2.3:a:perl:perl:1.44
-
cpe:2.3:a:perl:perl:1.45
-
cpe:2.3:a:perl:perl:1.46
-
cpe:2.3:a:perl:perl:1.47
-
cpe:2.3:a:perl:perl:1.48
-
cpe:2.3:a:perl:perl:1.49
-
cpe:2.3:a:perl:perl:2.0.0
-
cpe:2.3:a:perl:perl:2.1.0
-
cpe:2.3:a:perl:perl:2.1.1
-
cpe:2.3:a:perl:perl:2.1.2
-
cpe:2.3:a:perl:perl:2.1.3
-
cpe:2.3:a:perl:perl:2.10.0
-
cpe:2.3:a:perl:perl:2.10.1
-
cpe:2.3:a:perl:perl:2.10.2
-
cpe:2.3:a:perl:perl:2.10.3
-
cpe:2.3:a:perl:perl:2.10.4
-
cpe:2.3:a:perl:perl:2.10.5
-
cpe:2.3:a:perl:perl:2.10.6
-
cpe:2.3:a:perl:perl:2.10.7
-
cpe:2.3:a:perl:perl:2.11.0
-
cpe:2.3:a:perl:perl:2.11.1
-
cpe:2.3:a:perl:perl:2.11.2
-
cpe:2.3:a:perl:perl:2.11.3
-
cpe:2.3:a:perl:perl:2.11.4
-
cpe:2.3:a:perl:perl:2.11.5
-
cpe:2.3:a:perl:perl:2.11.6
-
cpe:2.3:a:perl:perl:2.11.7
-
cpe:2.3:a:perl:perl:2.11.8
-
cpe:2.3:a:perl:perl:2.12.0
-
cpe:2.3:a:perl:perl:2.13.0
-
cpe:2.3:a:perl:perl:2.14.0
-
cpe:2.3:a:perl:perl:2.14.1
-
cpe:2.3:a:perl:perl:2.15.0
-
cpe:2.3:a:perl:perl:2.15.1
-
cpe:2.3:a:perl:perl:2.16.0
-
cpe:2.3:a:perl:perl:2.16.1
-
cpe:2.3:a:perl:perl:2.17.0
-
cpe:2.3:a:perl:perl:2.17.1
-
cpe:2.3:a:perl:perl:2.17.2
-
cpe:2.3:a:perl:perl:2.18.0
-
cpe:2.3:a:perl:perl:2.18.1
-
cpe:2.3:a:perl:perl:2.2.0
-
cpe:2.3:a:perl:perl:2.2.1
-
cpe:2.3:a:perl:perl:2.2.2
-
cpe:2.3:a:perl:perl:2.3.0
-
cpe:2.3:a:perl:perl:2.4.0
-
cpe:2.3:a:perl:perl:2.5.0
-
cpe:2.3:a:perl:perl:2.5.1
-
cpe:2.3:a:perl:perl:2.6.0
-
cpe:2.3:a:perl:perl:2.6.1
-
cpe:2.3:a:perl:perl:2.6.2
-
cpe:2.3:a:perl:perl:2.6.3
-
cpe:2.3:a:perl:perl:2.6.4
-
cpe:2.3:a:perl:perl:2.6.5
-
cpe:2.3:a:perl:perl:2.6.6
-
cpe:2.3:a:perl:perl:2.7.0
-
cpe:2.3:a:perl:perl:2.7.1
-
cpe:2.3:a:perl:perl:2.7.2
-
cpe:2.3:a:perl:perl:2.8.0
-
cpe:2.3:a:perl:perl:2.8.1
-
cpe:2.3:a:perl:perl:2.8.2
-
cpe:2.3:a:perl:perl:2.8.3
-
cpe:2.3:a:perl:perl:2.8.4
-
cpe:2.3:a:perl:perl:2.8.5
-
cpe:2.3:a:perl:perl:2.8.6
-
cpe:2.3:a:perl:perl:2.8.7
-
cpe:2.3:a:perl:perl:2.8.8
-
cpe:2.3:a:perl:perl:2.9.0
-
cpe:2.3:a:perl:perl:2.9.1
-
cpe:2.3:a:perl:perl:2.9.2