CVE-2020-14393

EPSS 0.04%
Published 16.09.2020 14:15:12
Last modified 21.11.2024 05:03:09
Source secalert@redhat.com
Teams watchlist Login
Open Login

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

Affected products Warnungen 0 Metrics 3 CWE 2 References 9

Data is provided by the National Vulnerability Database (NVD)

Perl ≫ Database Interface Version < 1.643

Opensuse ≫ Leap Version15.2

Debian ≫ Debian Linux Version9.0

Fedoraproject ≫ Fedora Version31

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.117

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:N/I:P/A:P

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html

Broken Link

https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/

https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643

Third Party Advisory