PT-2012-3100 · Perl+3 · Dbd::Pg+3
Jan Lieskovsky +1 · Published 2012-06-26 · Updated 2017-08-29 · CVE-2012-1151
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
DBD::Pg versions prior to 2.19.0
Description
DBD::Pg, the PostgreSQL driver module for Perl, contains multiple format string vulnerabilities. A remote PostgreSQL database server can exploit them to cause a denial of service (process crash) by supplying format string specifiers. There are two ways to trigger this: a crafted database warning that reaches the pg_warn function, or a crafted DBD statement that reaches the dbd_st_prepare function.
Recommendations
For versions prior to 2.19.0, update to version 2.19.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the pg_warn function and the dbd_st_prepare function to minimize the risk of exploitation.
Fix
DoS
Use of Externally-Controlled Format String
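The weakness described above, as an added C example that is not DBD::Pg source code: server-supplied text used as the format string, next to the same text passed as data. `log_warn`, the handler names and the sample messages are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style warning routine. It formats into last_warning
 * instead of stderr so the result can be inspected. */
static char last_warning[256];

void log_warn(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_warning, sizeof last_warning, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: text chosen by the database server is the format
 * string, so any '%' directive in it is interpreted and consumes variadic
 * arguments that were never passed (undefined behaviour, typically a crash). */
void on_server_notice_vulnerable(const char *server_msg)
{
    log_warn(server_msg);
}

/* Corrected pattern: constant format string, server text passed as data,
 * so '%' characters are copied verbatim. */
void on_server_notice_fixed(const char *server_msg)
{
    log_warn("%s", server_msg);
}

const char *fixed_output(const char *server_msg)
{
    on_server_notice_fixed(server_msg);
    return last_warning;
}

/* Only defined behaviour when server_msg contains no '%'. */
const char *vulnerable_output(const char *server_msg)
{
    on_server_notice_vulnerable(server_msg);
    return last_warning;
}

int main(void)
{
    /* Constructed sample message, not captured from a real server. */
    printf("%s", fixed_output("WARNING: %s%s%s%s\n"));
    return 0;
}
```

Both handlers produce identical output for messages without `%`, which is why this defect passes ordinary functional testing; compiling with `-Wformat -Wformat-security` flags the vulnerable call once the logging function carries a `format(printf, ...)` attribute.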
Weakness Enumeration
Related identifiers
Affected products
CentOS
Dbd::Pg
Red Hat
SUSE