CVE-2020-14392 - Vulnerability Details

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00079.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Fedoraproject	Fedora
Opensuse	Leap
Perl	Database Interface

Configuration 1 [-]

cpe:2.3:a:perl:database_interface:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:15.2:::::::*

Configuration 4 [-]

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
https://nvd.nist.gov/vuln/detail/CVE-2020-14392
https://usn.ubuntu.com/4503-1/
https://www.cve.org/CVERecord?id=CVE-2020-14392

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00159}`	epss `{'score': 0.00079}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-09-16T13:00:20

Updated: 2024-08-04T12:46:34.386Z

Reserved: 2020-06-17T00:00:00

Link: CVE-2020-14392

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-09-16T13:15:11.160

Modified: 2024-11-21T05:03:09.827

Link: CVE-2020-14392

Redhat

Severity : Low

Publid Date: 2019-07-31T00:00:00Z

Links: CVE-2020-14392 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object