CVE-2020-14393

Name
CVE-2020-14393
Description
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Release Notes https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1877409
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
MLIST https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:perl:database_interface:*:*:*:*:*:*:*:* database_interface >= None < 1.643

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
perl-dbi edge-main 1.643-r0 None fixed
perl-dbi 3.22-main 1.643-r0 None fixed
perl-dbi 3.21-main 1.643-r0 None fixed
perl-dbi 3.20-main 1.643-r0 None fixed
perl-dbi 3.19-main 1.643-r0 None fixed
perl-dbi 3.18-main 1.643-r0 None fixed
perl-dbi 3.17-main 1.643-r0 None fixed
perl-dbi 3.12-main 1.643-r0 Leonardo Arena <rnalrd@alpinelinux.org> fixed