#VU46806 Buffer overflow in DBI - CVE-2013-7490


Updated: 2020-09-18

Vulnerability identifier: #VU46806

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-7490

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
DBI
Other software / Other software solutions

Vendor: TIMB

Description

The vulnerability allows a remote non-authenticated attacker to cause service disruption.

An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

DBI: 1.00 - 1.631


External links
https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766
https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014
https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941
https://usn.ubuntu.com/4509-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

