DBI 0.64 Deleted
Security Advisories
CVE-2020-14393
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
Fixed version: >=1.643
Severity: high
Reported: 2020-09-16
CVE-2020-14392
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://bugzilla.redhat.com/show_bug.cgi?id=1877402
- https://bugzilla.redhat.com/show_bug.cgi?id=1877402
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html
- https://usn.ubuntu.com/4503-1/
Fixed version: >=1.643
Severity: high
Reported: 2020-06-17
CVE-2019-20919
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20919
- https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
- https://bugzilla.redhat.com/show_bug.cgi?id=1877405
- https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/US6VXPKVAYHOKNFSAFLM3FWNYZSJKQHS/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KJN7E27GD6QQ2CRGEJ3TNW2DJFXA2AKN/
- https://ubuntu.com/security/notices/USN-4534-1
Fixed version: >=1.643
Severity: high
Reported: 2020-09-17
DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.
Fixed version: >=1.632
Severity: high
Reported: 2014-10-15
CVE-2005-0077
Allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
Fixed version: >=1.47
Reported: 2005-05-02
CVE-2014-10402
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
Severity: medium
Reported: 2020-09-16
CVE-2014-10401
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
- https://rt.cpan.org/Public/Bug/Display.html?id=99508
- https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
- https://usn.ubuntu.com/4509-1/
Severity: medium
Reported: 2020-09-11
CVE-2013-7491
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.
- https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d
- https://rt.cpan.org/Public/Bug/Display.html?id=85562
Severity: medium
Reported: 2020-09-11
CVE-2013-7490
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
- https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766
- https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941
- https://usn.ubuntu.com/4509-1/
Severity: medium
Reported: 2020-09-11
Kwalitee Issues
- extractable
-
Pack the distribution with a proper command such as "make dist" and "./Build dist", or use a distribution builder such as Dist::Zilla, Dist::Milla, Minilla. You might also need to set some options or environmental variables to ensure your archiver work portably.
Error: Read error on tarfile (missing data) 'DBI-0.64/README' at offset unknown at site_perl/lib/Archive/Any/Lite.pm line 119.