CVE-2020-14392

Published: Sep 16, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

Affected (9)

Products: Perl: Database Interface · Canonical: Ubuntu Linux · Opensuse: Leap · +2 more

Show all products

Perl: Database Interface · Canonical: Ubuntu Linux · Opensuse: Leap · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Perl Database Interface	Before 1.643

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1
Opensuse Leap	Version 15.2

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-822

Untrusted Pointer Dereference

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1877402

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/

Source: secalert@redhat.com

https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643

Source: secalert@redhat.com

Release NotesThird Party Advisory

https://usn.ubuntu.com/4503-1/

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html