PT-2012-3100 · Perl · DBD::Pg
Jan Lieskovsky
Published: 2012-06-26 · Updated: 2017-08-29
CVE-2012-1151
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
DBD::Pg versions prior to 2.19.0
Description
Multiple format string vulnerabilities exist in the DBD::Pg module for Perl. A remote PostgreSQL database server (malicious or compromised) can exploit them to cause a denial of service (process crash) by sending data that contains format string specifiers. Two vectors are described: a crafted database warning handled by the pg_warn function, or a crafted DBD statement handled by the dbd_st_prepare function.
Recommendations
For versions prior to 2.19.0, update to version 2.19.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the pg_warn function and the dbd_st_prepare function to minimize the risk of exploitation.
Fix
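As an added illustration (not code from DBD::Pg or from this advisory), the defect class in C: a server-supplied warning used directly as the printf format, beside the hardened form that passes it as a "%s" argument, plus a defensive check that counts directives in such a message so it can be logged or alerted on. SAMPLE_WARNING and all function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a warning as an untrusted PostgreSQL server might send it.
   It carries conversion directives but must be treated as opaque data. */
static const char SAMPLE_WARNING[] = "WARNING: relation %s %x %n does not exist";

/* Vulnerable pattern (compiled for contrast, never called): the server text is
   the format argument, so every '%' directive in it is interpreted. This is the
   defect class the advisory describes for pg_warn and dbd_st_prepare. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static void emit_warning_vulnerable(const char *server_msg)
{
    fprintf(stderr, server_msg);
}
#pragma GCC diagnostic pop

/* Hardened pattern: the format is a compile-time constant and the server text
   is an ordinary %s argument. Returns the number of bytes snprintf would write. */
static int emit_warning_safe(char *out, size_t out_len, const char *server_msg)
{
    return snprintf(out, out_len, "%s", server_msg);
}

/* Returns 1 if the safe path reproduces the message byte-for-byte, i.e. no
   directive inside it was interpreted. */
static int safe_render_preserves(const char *server_msg)
{
    char buf[256];
    int n = emit_warning_safe(buf, sizeof buf, server_msg);
    return n == (int)strlen(server_msg) && strcmp(buf, server_msg) == 0;
}

/* Defensive check: count '%' directives other than the literal "%%". A non-zero
   count in a server-originated message is worth logging. */
static int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = strchr(s, '%'); p; p = strchr(p + 1, '%')) {
        if (p[1] == '%') { p++; continue; }   /* "%%" is a literal percent sign */
        n++;
    }
    return n;
}

int main(void)
{
    (void)emit_warning_vulnerable;            /* shown for contrast only */
    printf("preserved: %d\n", safe_render_preserves(SAMPLE_WARNING));
    printf("suspicious directives: %d\n", count_format_directives(SAMPLE_WARNING));
    return 0;
}
```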
DoS
Weakness Enumeration
Use of Externally-Controlled Format String
Affected Products
CentOS
DBD::Pg
Red Hat
SUSE