Vulnerability CVE-2009-1341


Published: 2009-04-30   Modified: 2012-02-13

Description:
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.

Type: CWE-200 (Information Exposure)

Vendor: Debian
Product: Libdbd-pg-perl 
Version:
1.4.9
1.4.8
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.2
1.3.1
1.2.2
1.2.1
1.2.0
1.0.1
1.0.0
0.99
0.98
0.97
0.96
0.95
0.94
0.93
0.92
0.91
0.90
0.89
0.88
0.87
0.86
0.85
0.84
0.83
0.82
0.81
0.80
0.73
0.72
0.71
0.70
0.69
0.68
0.67
0.66
0.65
0.64
0.63
0.62
0.61
0.52
0.51
0.5
0.4
0.3
0.2
0.1

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

References:
https://launchpad.net/bugs/cve/2009-1341
http://xforce.iss.net/xforce/xfdb/50387
http://www.securityfocus.com/bid/34757
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2009-0479.html
http://www.debian.org/security/2009/dsa-1780
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz
http://secunia.com/advisories/35685
http://secunia.com/advisories/35058
http://secunia.com/advisories/34909
http://rt.cpan.org/Public/Bug/Display.html?id=21392
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9680
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes


Copyright 2019, cxsecurity.com
