PT-2020-6256 · Perl+3 · Perl-Dbi+3

Pedro Sampaio

·

Published

2020-02-24

·

Updated

2024-06-21

·

CVE-2020-14392

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Perl-DBI versions prior to 1.643
Description The issue is related to an untrusted pointer dereference flaw in the dbd db login6 sv() function, which can cause memory corruption. This could allow a local attacker to manipulate calls to this function, potentially affecting the service's availability. The flaw is also described as a buffer overflow in memory, which could be exploited to cause a denial of service.
Recommendations For versions prior to 1.643, update to version 1.643 or later to resolve the issue. As a temporary workaround, consider restricting access to the dbd db login6 sv() function to minimize the risk of exploitation.

Fix

Untrusted Pointer Dereference

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-822CWE-119

Related Identifiers

ALT-PU-2020-1326
ALT-PU-2022-3385
BDU:2021-03727
CVE-2020-14392
DLA-2386-1
MGASA-2021-0048
OPENSUSE-SU-2020:1483-1
OPENSUSE-SU-2020:1502-1
OPENSUSE-SU-2020_1483-1
OPENSUSE-SU-2020_1502-1
OPENSUSE-SU-2024:14061-1
SUSE-SU-2020:14493-1
SUSE-SU-2020:2645-1
SUSE-SU-2020:2646-1
SUSE-SU-2020:2661-1
SUSE-SU-2020_14493-1
SUSE-SU-2020_2645-1
SUSE-SU-2020_2646-1
SUSE-SU-2020_2661-1
USN-4503-1

Affected Products

Alt Linux
Perl-Dbi
Suse
Ubuntu