CVE-2019-20919

Опубликовано: 17 сент. 2020

Источник: nvd

CVSS3: 4.7

CVSS2: 1.9

EPSS Низкий

Описание

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00013.html
Mailing List
Third Party Advisory
https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-...
Third Party Advisory
https://usn.ubuntu.com/4534-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00012.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00013.html
Mailing List
Third Party Advisory
https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/
https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-...
Third Party Advisory
https://usn.ubuntu.com/4534-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:perl:dbi:*:*:*:*:*:*:*:*

Версия до 1.643 (исключая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Конфигурация 4

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00116

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2019-20919

CVSS3: 4.7

ubuntu

больше 5 лет назад

CVE-2019-20919

CVSS3: 4.7

redhat

больше 6 лет назад

CVE-2019-20919

CVSS3: 4.7

debian

больше 5 лет назад

An issue was discovered in the DBI module before 1.643 for Perl. The h ...

openSUSE-SU-2020:1628-1

suse-cvrf

больше 5 лет назад

Security update for perl-DBI

openSUSE-SU-2020:1620-1

suse-cvrf

больше 5 лет назад

Security update for perl-DBI

EPSS

Процентиль: 31%

0.00116

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-476