CVE-2020-14393

high

Description

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

References

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html

https://bugzilla.redhat.com/show_bug.cgi?id=1877409

https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/

https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643

Details

Source: MITRE

Published: 2020-09-16

Updated: 2020-09-28

Type: CWE-787

Risk Information

CVSS v2

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 7.1

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Impact Score: 5.2

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
152230 | Ubuntu 18.04 LTS / 20.04 LTS : Perl DBI module vulnerabilities (USN-5030-1) | Nessus | Ubuntu Local Security Checks | high
151418 | EulerOS Virtualization 3.0.2.2 : perl-DBI (EulerOS-SA-2021-2158) | Nessus | Huawei Local Security Checks | high
151304 | EulerOS Virtualization for ARM 64 3.0.2.0 : perl-DBI (EulerOS-SA-2021-2112) | Nessus | Huawei Local Security Checks | high
150595 | SUSE SLES11 Security Update : perl-DBI (SUSE-SU-2020:14493-1) | Nessus | SuSE Local Security Checks | high
147693 | EulerOS Virtualization 2.9.0 : perl-DBI (EulerOS-SA-2021-1650) | Nessus | Huawei Local Security Checks | high
147556 | EulerOS Virtualization 2.9.1 : perl-DBI (EulerOS-SA-2021-1622) | Nessus | Huawei Local Security Checks | high
147132 | EulerOS Virtualization 3.0.6.6 : perl-DBI (EulerOS-SA-2021-1510) | Nessus | Huawei Local Security Checks | high
147044 | EulerOS Virtualization for ARM 64 3.0.6.0 : perl-DBI (EulerOS-SA-2021-1552) | Nessus | Huawei Local Security Checks | high
145186 | EulerOS 2.0 SP3 : perl-DBI (EulerOS-SA-2021-1109) | Nessus | Huawei Local Security Checks | high
144233 | EulerOS 2.0 SP5 : perl-DBI (EulerOS-SA-2020-2559) | Nessus | Huawei Local Security Checks | high
143835 | SUSE SLES12 Security Update : perl-DBI (SUSE-SU-2020:2661-1) | Nessus | SuSE Local Security Checks | high
143733 | SUSE SLED15 / SLES15 Security Update : perl-DBI (SUSE-SU-2020:2645-1) | Nessus | SuSE Local Security Checks | high
143715 | SUSE SLED15 / SLES15 Security Update : perl-DBI (SUSE-SU-2020:2646-1) | Nessus | SuSE Local Security Checks | high
142336 | EulerOS 2.0 SP9 : perl-DBI (EulerOS-SA-2020-2435) | Nessus | Huawei Local Security Checks | high
142312 | EulerOS 2.0 SP2 : perl-DBI (EulerOS-SA-2020-2382) | Nessus | Huawei Local Security Checks | high
142252 | EulerOS 2.0 SP9 : perl-DBI (EulerOS-SA-2020-2417) | Nessus | Huawei Local Security Checks | high
142164 | EulerOS 2.0 SP8 : perl-DBI (EulerOS-SA-2020-2315) | Nessus | Huawei Local Security Checks | high
140934 | Debian DLA-2386-1 : libdbi-perl security update | Nessus | Debian Local Security Checks | high
140817 | Fedora 31 : perl-DBI (2020-f30298614a) | Nessus | Fedora Local Security Checks | high
140744 | openSUSE Security Update : perl-DBI (openSUSE-2020-1502) | Nessus | SuSE Local Security Checks | high
140691 | openSUSE Security Update : perl-DBI (openSUSE-2020-1483) | Nessus | SuSE Local Security Checks | high
140562 | GLSA-202009-07 : Perl DBI: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high