{"containers": {"cna": {"affected": [{"product": "perl-dbi", "vendor": "n/a", "versions": [{"status": "affected", "version": "perl-DBI before version 1.643"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 CWE-787", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-28T15:06:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877409"}, {"name": "openSUSE-SU-2020:1483", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html"}, {"name": "openSUSE-SU-2020:1502", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html"}, {"name": "FEDORA-2020-f30298614a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/"}, {"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2386-1] libdbi-perl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-14393", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "perl-dbi", "version": {"version_data": [{"version_value": "perl-DBI before version 1.643"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121 CWE-787"}]}]}, "references": {"reference_data": [{"name": "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643", "refsource": "MISC", "url": "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1877409", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877409"}, {"name": "openSUSE-SU-2020:1483", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html"}, {"name": "openSUSE-SU-2020:1502", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html"}, {"name": "FEDORA-2020-f30298614a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/"}, {"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2386-1] libdbi-perl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:34.242Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877409"}, {"name": "openSUSE-SU-2020:1483", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html"}, {"name": "openSUSE-SU-2020:1502", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html"}, {"name": "FEDORA-2020-f30298614a", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/"}, {"name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2386-1] libdbi-perl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14393", "datePublished": "2020-09-16T13:27:17", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2024-08-04T12:46:34.242Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:database_interface:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7B50234-51E3-40C3-A120-EEE5023325E3", "versionEndExcluding": "1.643", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data."}, {"lang": "es", "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en perl-DBI versiones anteriores a 1.643 en el archivo DBI.xs. Un atacante local que es capaz de suministrar una cadena de m\u00e1s de 300 caracteres que podr\u00eda causar una escritura fuera de l\u00edmites, afectando la disponibilidad del servicio o la integridad de los datos"}], "id": "CVE-2020-14393", "lastModified": "2024-11-21T05:03:09.973", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-16T14:15:12.860", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877409"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "perl-dbi: Buffer overflow on an overlong DBD class name", "id": "1877409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877409"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "status": "draft"}, "cwe": "CWE-121->CWE-787", "details": ["A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.", "A buffer overflow was found in perl-DBI before version 1.643 in DBI.xs. This flaw allows a local attacker who can supply a string longer than 300 characters to cause an out-of-bounds write. The highest threat from this vulnerability is to integrity and system availability."], "name": "CVE-2020-14393", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "perl-DBI", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "perl-DBI", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "perl-DBI", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "perl-DBI", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-perl526-perl-DBI", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-perl530-perl-DBI", "product_name": "Red Hat Software Collections"}], "public_date": "2019-08-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14393\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14393\nhttps://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643"], "threat_severity": "Low", "upstream_fix": "perl-DBI 1.643"}