SB2020091743 - Fedora 31 update for perl-DBI

Published: September 17, 2020 Updated: April 25, 2025

Security Bulletin ID: SB2020091743
Severity: High
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 33%, Medium: 33%, Low: 33%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Untrusted Pointer Dereference (CVE-ID: CVE-2020-14392)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an untrusted pointer dereference error. A remote attacker can trick the victim into opening a specially crafted file, trigger the pointer dereference and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.


2) NULL pointer dereference (CVE-ID: CVE-2019-20919)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. A remote attacker can perform a denial of service (DoS) attack.


3) Out-of-bounds write (CVE-ID: CVE-2020-14393)

The vulnerability allows a local authenticated user to affect the availability of the service or the integrity of data.

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
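The two DBI.xs defects described in items 2 and 3 are both missing-validation bugs: a pointer that was checked for NULL is used anyway later on, and a string is copied into a fixed-size field without its length being checked. The following C program is an added example written for this bulletin, not code from perl-DBI or Fedora. It models the hardened shape of both checks on a stand-in for a DBI handle: the lookup table, the `FIELD_MAX` limit of 300 characters taken from item 3, the `struct handle` layout and the function names are all assumptions and do not reproduce the real DBI.xs code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size field, sized from the advisory's "longer than 300
 * characters" statement; the real DBI.xs layout is not reproduced (assumption). */
#define FIELD_MAX 300

struct handle {
    char name[FIELD_MAX + 1];   /* 300 characters plus the terminating NUL */
};

/* Constructed key/value table standing in for a Perl hash: a missing key
 * yields NULL, which is how hv_fetch() signals absence in item 2. */
struct entry { const char *key; const char *value; };
static const struct entry table[] = {
    { "Profile",    "2/DBI::ProfileDumper" },   /* constructed sample */
    { "RaiseError", "1" },                      /* constructed sample */
};

static const char *lookup(const char *key) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].key, key) == 0)
            return table[i].value;
    return NULL;    /* absent key: caller must not dereference */
}

/* Hardened shape for the item 2 class of bug: the NULL check and every use of
 * the pointer sit in the same function, so no later path can touch NULL.
 * Returns 1 if the key exists and has a non-empty value, 0 otherwise. */
int profile_is_set(const char *key) {
    const char *v = lookup(key);
    if (v == NULL)
        return 0;   /* absent: report "not set" instead of dereferencing */
    return v[0] != '\0';
}

/* Hardened shape for the item 3 class of bug: validate the length before
 * copying into the fixed-size field. Returns 0 on success, -1 if rejected. */
int handle_set_name(struct handle *h, const char *src) {
    size_t len = strlen(src);
    if (len > FIELD_MAX)
        return -1;  /* would write past h->name: reject instead */
    memcpy(h->name, src, len);
    h->name[len] = '\0';
    return 0;
}

int main(void) {
    struct handle h;
    char long_input[FIELD_MAX + 2];
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';   /* constructed 301-character input */

    printf("Profile set:     %d\n", profile_is_set("Profile"));
    printf("Missing key set: %d\n", profile_is_set("NoSuchKey"));
    printf("short name:      %d\n", handle_set_name(&h, "dbi:SQLite:dbname=test.db"));
    printf("301-char name:   %d\n", handle_set_name(&h, long_input));
    return 0;
}
```

The point of `handle_set_name` is that the rejection happens before any byte is written, so an overlong value from a local user degrades to an error return rather than an out-of-bounds write; the point of `profile_is_set` is that the NULL test guards the only code path that reads the pointer, which is the property the pre-1.643 code lacked.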


Remediation

Install the update from the vendor's website.