CVE-2020-14393: Stack-based Buffer Overflow in Database Interface

Severity: 7.1 HIGH (NVD)
EPSS: 0.1% (top 68.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 16
Latest update: May 24

Description

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (2 packages)

Also affects: Debian Linux 9.0, Fedora 31

Patches

🔴 Vulnerability Details (5)

GHSA (2022-05-24): GHSA-g7gr-3q49-q5r9: A buffer overflow was found in perl-DBI < 1
OSV (2022-02-03): libdbi-perl vulnerabilities
OSV (2021-08-04): libdbi-perl vulnerabilities
CVEList (2020-09-16): CVE-2020-14393: A buffer overflow was found in perl-DBI < 1
OSV (2020-09-16): CVE-2020-14393: A buffer overflow was found in perl-DBI < 1

💥 Exploits & PoCs (1)

Exploit-DB (2020-11-27): Foxit Reader 9.0.1.1049 - Arbitrary Code Execution

📋 Vendor Advisories (4)

Ubuntu (2022-02-03): Perl DBI module vulnerabilities
Ubuntu (2021-08-04): Perl DBI module vulnerabilities
Debian (2020): CVE-2020-14393: libdbi-perl - A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who ...
Red Hat (2019-08-01): perl-dbi: Buffer overflow on an overlong DBD class name

💬 Community (2)

Bugzilla (2020-09-09): CVE-2020-14393 perl-dbi: Buffer overflow on an overlong DBD class name
Bugzilla (2020-09-09): CVE-2020-14393 perl-DBI: Buffer overflow on an overlong DBD class name [fedora-all]
CVE-2020-14393 — Stack-based Buffer Overflow | cvebase