PT-2009-3304 · Perl+1 · Dbd::Pg+1

Published

2009-04-30

Updated

2017-09-29

CVE-2009-0663

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions DBD::Pg module version 1.49

Description A heap-based buffer overflow issue exists in the DBD::Pg module for Perl, potentially allowing attackers to execute arbitrary code. This issue arises when unspecified input is provided to an application that utilizes the getline and pg getline functions to read database rows.

Recommendations For DBD::Pg module version 1.49, consider updating to a newer version that addresses this issue, as using the getline and pg getline functions with untrusted input may lead to exploitation. As a temporary workaround, restrict the use of these functions with untrusted data until a patch is available.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-0663

DSA-1780-1

RHSA-2009:0479

RHSA-2009:1067

RHSA-2009_0479

Affected Products

Dbd::Pg

Red Hat

PT-2009-3304 · Perl+1 · Dbd::Pg+1

CVE-2009-0663

Weakness Enumeration

Related Identifiers

Affected Products

References · 19