CVE-2020-14392

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

References

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html

https://bugzilla.redhat.com/show_bug.cgi?id=1877402

https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/

https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643

https://usn.ubuntu.com/4503-1/

Details

Source: MITRE

Published: 2020-09-16

Updated: 2020-09-28

Type: CWE-119

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
151781EulerOS 2.0 SP5 : perl-DBI (EulerOS-SA-2021-2226)NessusHuawei Local Security Checks
medium
151304EulerOS Virtualization for ARM 64 3.0.2.0 : perl-DBI (EulerOS-SA-2021-2112)NessusHuawei Local Security Checks
high
151227EulerOS Virtualization 3.0.6.6 : perl-DBI (EulerOS-SA-2021-2041)NessusHuawei Local Security Checks
medium
150595SUSE SLES11 Security Update : perl-DBI (SUSE-SU-2020:14493-1)NessusSuSE Local Security Checks
high
147693EulerOS Virtualization 2.9.0 : perl-DBI (EulerOS-SA-2021-1650)NessusHuawei Local Security Checks
high
147556EulerOS Virtualization 2.9.1 : perl-DBI (EulerOS-SA-2021-1622)NessusHuawei Local Security Checks
high
147044EulerOS Virtualization for ARM 64 3.0.6.0 : perl-DBI (EulerOS-SA-2021-1552)NessusHuawei Local Security Checks
high
144130EulerOS 2.0 SP8 : perl-DBI (EulerOS-SA-2020-2525)NessusHuawei Local Security Checks
medium
143835SUSE SLES12 Security Update : perl-DBI (SUSE-SU-2020:2661-1)NessusSuSE Local Security Checks
high
143733SUSE SLED15 / SLES15 Security Update : perl-DBI (SUSE-SU-2020:2645-1)NessusSuSE Local Security Checks
high
143715SUSE SLED15 / SLES15 Security Update : perl-DBI (SUSE-SU-2020:2646-1)NessusSuSE Local Security Checks
high
143409EulerOS 2.0 SP9 : perl-DBI (EulerOS-SA-2020-2488)NessusHuawei Local Security Checks
medium
143399EulerOS 2.0 SP9 : perl-DBI (EulerOS-SA-2020-2501)NessusHuawei Local Security Checks
medium
140934Debian DLA-2386-1 : libdbi-perl security updateNessusDebian Local Security Checks
high
140817Fedora 31 : perl-DBI (2020-f30298614a)NessusFedora Local Security Checks
high
140744openSUSE Security Update : perl-DBI (openSUSE-2020-1502)NessusSuSE Local Security Checks
high
140691openSUSE Security Update : perl-DBI (openSUSE-2020-1483)NessusSuSE Local Security Checks
high
140646Ubuntu 16.04 LTS / 18.04 LTS : Perl DBI module vulnerability (USN-4503-1)NessusUbuntu Local Security Checks
medium
140562GLSA-202009-07 : Perl DBI: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high