CVE-2020-14392
16.09.2020, 13:15
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.Enginsight
| Vendor | Product | Version |
|---|---|---|
| perl | database_interface | 𝑥 < 1.643 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| debian | debian_linux | 9.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-822 - Untrusted Pointer DereferenceThe program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
References