CVE-2013-7490 CVE-2014-10401 CVE-2019-20919 CVE-2020-14392 CVE-2020-14393
Several vulnerabilities were discovered in the Perl5 Database Interface (DBI). An attacker could trigger a denial of service (DoS) or information disclosure, and possibly execute arbitrary code.
Using many arguments to methods for Callbacks may lead to memory corruption.
DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
An untrusted pointer dereference flaw was found in Perl-DBI. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service’s availability.
A buffer overflow via an overlong DBD class name in the dbih_setup_handle function may lead to data being written past the intended limit.
For Debian 8 jessie, these problems have been fixed in version 1.631-3+deb8u1.
We recommend that you upgrade your libdbi-perl packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.