Veracode Vulnerability DatabaseVERACODE:28273Denial Of Service (DoS)
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
perl-DBI is vulnerable to denial of service attacks. A local attacker could cause an out-of-bounds write via a string longer than 300 characters affecting either availability of the service or integrity of data.
References
lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
bugzilla.redhat.com/show_bug.cgi?id=1877409
lists.debian.org/debian-lts-announce/2020/09/msg00026.html
lists.fedoraproject.org/archives/list/[email protected]/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
security-tracker.debian.org/tracker/CVE-2020-14393
Related
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P