PT-2020-6247 · Perl+3 · Dbi+3

Ppisar

Published

2020-02-24

Updated

2024-06-21

CVE-2019-20919

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions DBI module versions prior to 1.643 for Perl

Description An issue was discovered in the DBI module for Perl, where the code checks for NULL as required by the hv fetch() documentation, but then calls SvOK(profile), causing a NULL pointer dereference. This can lead to a denial of service.

Recommendations For versions prior to 1.643, update to version 1.643 or later to resolve the issue. As a temporary workaround, consider disabling the SvOK(profile) function call until a patch is available. Restrict access to the hv fetch() function to minimize the risk of exploitation.

Fix

NULL Pointer Dereference

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-252

Related Identifiers

ALT-PU-2020-1326

ALT-PU-2022-3385

BDU:2021-03716

CVE-2019-20919

DLA-2386-1

MGASA-2021-0048

OPENSUSE-SU-2020:1620-1

OPENSUSE-SU-2020:1628-1

OPENSUSE-SU-2020_1620-1

OPENSUSE-SU-2020_1628-1

OPENSUSE-SU-2024:14061-1

SUSE-SU-2020:14510-1

SUSE-SU-2020:2827-1

SUSE-SU-2020:2828-1

SUSE-SU-2020:2856-1

SUSE-SU-2020_2827-1

SUSE-SU-2020_2828-1

USN-4534-1

Affected Products

Alt Linux

Dbi

Suse

Ubuntu

PT-2020-6247 · Perl+3 · Dbi+3

CVE-2019-20919

Weakness Enumeration

Related Identifiers

Affected Products

References · 51