Gentoo update for Perl DBI



Published: 2020-09-13 | Updated: 2020-09-14
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-14392
CVE-2020-14393
CWE-ID CWE-822
CWE-787
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Gentoo Linux
Operating systems & Components / Operating system

Vendor Gentoo

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Untrusted Pointer Dereference

EUVDB-ID: #VU46823

Risk: High

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14392

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference error. A remote attacker can trick the victim to open a specially crafted file, trigger pointer dereference and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Mitigation

Update the affected packages.
dev-perl/DBI to version: 1.643.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202009-07


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU46974

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14393

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local authenticated user to #BASIC_IMPACT#.

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

Mitigation

Update the affected packages.
dev-perl/DBI to version: 1.643.0

Vulnerable software versions

Gentoo Linux: All versions

External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202009-07


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###