CVE-2020-14393

Published: 16 September 2020

A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.

Priority

Low

CVSS 3 base score: 7.1

Status

Package: libdbi-perl

Release: Status
Upstream: Needs triage
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (1.643-2)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (1.643-1)
Ubuntu 18.04 LTS (Bionic Beaver): Released (1.640-1ubuntu0.3)
Ubuntu 16.04 ESM (Xenial Xerus): Needed
Ubuntu 14.04 ESM (Trusty Tahr): Needed

Patches:
Upstream: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b