Vulnerability Details CVE-2020-14393
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.1%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 3.6
References
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1877409
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1877409
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
Products affected by CVE-2020-14393
-
cpe:2.3:a:perl:database_interface:1.601
-
cpe:2.3:a:perl:database_interface:1.602
-
cpe:2.3:a:perl:database_interface:1.603
-
cpe:2.3:a:perl:database_interface:1.604
-
cpe:2.3:a:perl:database_interface:1.605
-
cpe:2.3:a:perl:database_interface:1.606
-
cpe:2.3:a:perl:database_interface:1.607
-
cpe:2.3:a:perl:database_interface:1.608
-
cpe:2.3:a:perl:database_interface:1.609
-
cpe:2.3:a:perl:database_interface:1.611
-
cpe:2.3:a:perl:database_interface:1.611_90
-
cpe:2.3:a:perl:database_interface:1.611_91
-
cpe:2.3:a:perl:database_interface:1.611_92
-
cpe:2.3:a:perl:database_interface:1.611_93
-
cpe:2.3:a:perl:database_interface:1.611_94
-
cpe:2.3:a:perl:database_interface:1.612
-
cpe:2.3:a:perl:database_interface:1.613
-
cpe:2.3:a:perl:database_interface:1.613_70
-
cpe:2.3:a:perl:database_interface:1.613_71
-
cpe:2.3:a:perl:database_interface:1.613_90
-
cpe:2.3:a:perl:database_interface:1.613_91
-
cpe:2.3:a:perl:database_interface:1.613_92
-
cpe:2.3:a:perl:database_interface:1.613_93
-
cpe:2.3:a:perl:database_interface:1.614
-
cpe:2.3:a:perl:database_interface:1.614_90
-
cpe:2.3:a:perl:database_interface:1.615
-
cpe:2.3:a:perl:database_interface:1.616
-
cpe:2.3:a:perl:database_interface:1.617
-
cpe:2.3:a:perl:database_interface:1.618
-
cpe:2.3:a:perl:database_interface:1.619
-
cpe:2.3:a:perl:database_interface:1.620
-
cpe:2.3:a:perl:database_interface:1.621
-
cpe:2.3:a:perl:database_interface:1.622
-
cpe:2.3:a:perl:database_interface:1.623
-
cpe:2.3:a:perl:database_interface:1.624
-
cpe:2.3:a:perl:database_interface:1.625
-
cpe:2.3:a:perl:database_interface:1.626
-
cpe:2.3:a:perl:database_interface:1.627
-
cpe:2.3:a:perl:database_interface:1.628
-
cpe:2.3:a:perl:database_interface:1.630
-
cpe:2.3:a:perl:database_interface:1.631
-
cpe:2.3:a:perl:database_interface:1.632
-
cpe:2.3:a:perl:database_interface:1.632_90
-
cpe:2.3:a:perl:database_interface:1.633
-
cpe:2.3:a:perl:database_interface:1.633_90
-
cpe:2.3:a:perl:database_interface:1.633_91
-
cpe:2.3:a:perl:database_interface:1.633_92
-
cpe:2.3:a:perl:database_interface:1.634
-
cpe:2.3:a:perl:database_interface:1.635
-
cpe:2.3:a:perl:database_interface:1.636
-
cpe:2.3:a:perl:database_interface:1.637
-
cpe:2.3:a:perl:database_interface:1.638
-
cpe:2.3:a:perl:database_interface:1.639
-
cpe:2.3:a:perl:database_interface:1.640
-
cpe:2.3:a:perl:database_interface:1.641
-
cpe:2.3:a:perl:database_interface:1.642
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:opensuse:leap:15.2