Vulnerability Details CVE-2020-14392
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1877402
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
- https://usn.ubuntu.com/4503-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1877402
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
- https://usn.ubuntu.com/4503-1/
Products affected by CVE-2020-14392
-
cpe:2.3:a:perl:database_interface:1.601
-
cpe:2.3:a:perl:database_interface:1.602
-
cpe:2.3:a:perl:database_interface:1.603
-
cpe:2.3:a:perl:database_interface:1.604
-
cpe:2.3:a:perl:database_interface:1.605
-
cpe:2.3:a:perl:database_interface:1.606
-
cpe:2.3:a:perl:database_interface:1.607
-
cpe:2.3:a:perl:database_interface:1.608
-
cpe:2.3:a:perl:database_interface:1.609
-
cpe:2.3:a:perl:database_interface:1.611
-
cpe:2.3:a:perl:database_interface:1.611_90
-
cpe:2.3:a:perl:database_interface:1.611_91
-
cpe:2.3:a:perl:database_interface:1.611_92
-
cpe:2.3:a:perl:database_interface:1.611_93
-
cpe:2.3:a:perl:database_interface:1.611_94
-
cpe:2.3:a:perl:database_interface:1.612
-
cpe:2.3:a:perl:database_interface:1.613
-
cpe:2.3:a:perl:database_interface:1.613_70
-
cpe:2.3:a:perl:database_interface:1.613_71
-
cpe:2.3:a:perl:database_interface:1.613_90
-
cpe:2.3:a:perl:database_interface:1.613_91
-
cpe:2.3:a:perl:database_interface:1.613_92
-
cpe:2.3:a:perl:database_interface:1.613_93
-
cpe:2.3:a:perl:database_interface:1.614
-
cpe:2.3:a:perl:database_interface:1.614_90
-
cpe:2.3:a:perl:database_interface:1.615
-
cpe:2.3:a:perl:database_interface:1.616
-
cpe:2.3:a:perl:database_interface:1.617
-
cpe:2.3:a:perl:database_interface:1.618
-
cpe:2.3:a:perl:database_interface:1.619
-
cpe:2.3:a:perl:database_interface:1.620
-
cpe:2.3:a:perl:database_interface:1.621
-
cpe:2.3:a:perl:database_interface:1.622
-
cpe:2.3:a:perl:database_interface:1.623
-
cpe:2.3:a:perl:database_interface:1.624
-
cpe:2.3:a:perl:database_interface:1.625
-
cpe:2.3:a:perl:database_interface:1.626
-
cpe:2.3:a:perl:database_interface:1.627
-
cpe:2.3:a:perl:database_interface:1.628
-
cpe:2.3:a:perl:database_interface:1.630
-
cpe:2.3:a:perl:database_interface:1.631
-
cpe:2.3:a:perl:database_interface:1.632
-
cpe:2.3:a:perl:database_interface:1.632_90
-
cpe:2.3:a:perl:database_interface:1.633
-
cpe:2.3:a:perl:database_interface:1.633_90
-
cpe:2.3:a:perl:database_interface:1.633_91
-
cpe:2.3:a:perl:database_interface:1.633_92
-
cpe:2.3:a:perl:database_interface:1.634
-
cpe:2.3:a:perl:database_interface:1.635
-
cpe:2.3:a:perl:database_interface:1.636
-
cpe:2.3:a:perl:database_interface:1.637
-
cpe:2.3:a:perl:database_interface:1.638
-
cpe:2.3:a:perl:database_interface:1.639
-
cpe:2.3:a:perl:database_interface:1.640
-
cpe:2.3:a:perl:database_interface:1.641
-
cpe:2.3:a:perl:database_interface:1.642
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2