CVE-2014-10402

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
perldbi
𝑥
≤ 1.643
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libdbi-perl
bullseye
1.643-3
fixed
bookworm
1.643-4
fixed
sid
1.645-1
fixed
trixie
1.645-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libdbi-perl
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
ignored
focal
Fixed 1.643-1ubuntu0.1
released
bionic
Fixed 1.640-1ubuntu0.3
released
xenial
Fixed 1.634-1ubuntu0.2+esm1
released
trusty
needed
Common Weakness Enumeration
References
https://lists.debian.org/debian-lts-announce/2022/05/msg00046.html
https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
https://lists.debian.org/debian-lts-announce/2022/05/msg00046.html
https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590