Lucene search

GoogleOSV:CVE-2019-20919

HistorySep 17, 2020 - 6:15 p.m.

CVE-2019-20919

2020-09-1718:15:12

Google

osv.dev

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

JSON

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

CPENameOperatorVersion
dbieq1.633_90
dbieq1.618
dbieq1.641
dbieq1.630
dbieqDBI-1.51
dbieq1.633
dbieq1.637
dbieqDBI-1.57
dbieq1.607
dbieq1.611_94

Name	Operator	Version
dbi	eq	1.633_90
dbi	eq	1.618
dbi	eq	1.641
dbi	eq	1.630
dbi	eq	DBI-1.51
dbi	eq	1.633
dbi	eq	1.637
dbi	eq	DBI-1.57
dbi	eq	1.607
dbi	eq	1.611_94

Rows per page:

1-10 of 441

References

lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html

lists.opensuse.org/opensuse-security-announce/2020-10/msg00013.html

github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff

lists.debian.org/debian-lts-announce/2020/09/msg00026.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/

metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-...

usn.ubuntu.com/4534-1/