CVE-2014-10402Incorrect Permission Assignment in DBI

CWE-732Incorrect Permission AssignmentCWE-73External Control of File Name or PathCWE-825Expired Pointer Dereference13 documents9 sources
Severity
6.1MEDIUMNVD
EPSS
0.0%
top 93.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Perl DBI
Timeline
PublishedSep 16
Latest updateMay 17

Description

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 1.8 | Impact: 4.2

Affected Packages1 packages

NVDperl/dbi1.643

Patches

Patch: rt.cpan.orgPatch: rt.cpan.org

🔴Vulnerability Details

5
GHSA
GHSA-qc7v-jjp2-38r9: An issue was discovered in the DBI module through 12022-05-17
OSV
libdbi-perl vulnerabilities2022-02-03
OSV
libdbi-perl vulnerabilities2021-08-04
CVEList
CVE-2014-10402: An issue was discovered in the DBI module through 12020-09-16
OSV
CVE-2014-10402: An issue was discovered in the DBI module through 12020-09-16

📋Vendor Advisories

5
Ubuntu
Perl DBI module vulnerabilities2022-02-03
Ubuntu
Perl DBI module vulnerabilities2021-08-04
Red Hat
perl-dbi: Incomplete fix for CVE-2014-104012020-09-16
Microsoft
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DS2020-09-08
Debian
CVE-2014-10402: libdbi-perl - An issue was discovered in the DBI module through 1.643 for Perl. DBD::File driv...2014

💬Community

1
Bugzilla
CVE-2014-10402 perl-dbi: Incomplete fix for CVE-2014-104012020-09-16
CVE-2014-10402 — Incorrect Permission Assignment in DBI | cvebase