Vulnerability CVE-2009-1341


Published: 2009-04-30   Modified: 2012-02-13

Description:
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.

Type:

CWE-200

(Information Exposure)

Vendor: Debian
Product: Libdbd-pg-perl 
Version:
1.4.9
1.4.8
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.2
1.3.1
1.2.2
1.2.1
1.2.0
1.0.1
1.0.0
0.99
0.98
0.97
0.96
0.95
0.94
0.93
0.92
0.91
0.90
0.89
0.88
0.87
0.86
0.85
0.84
0.83
0.82
0.81
0.80
0.73
0.72
0.71
0.70
0.69
0.68
0.67
0.66
0.65
0.64
0.63
0.62
0.61
0.52
0.51
0.5
0.4
0.3
0.2
0.1

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
https://launchpad.net/bugs/cve/2009-1341
http://xforce.iss.net/xforce/xfdb/50387
http://www.securityfocus.com/bid/34757
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2009-0479.html
http://www.debian.org/security/2009/dsa-1780
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz
http://secunia.com/advisories/35685
http://secunia.com/advisories/35058
http://secunia.com/advisories/34909
http://rt.cpan.org/Public/Bug/Display.html?id=21392
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9680
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes

Related CVE
CVE-2019-3880
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation...
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with...
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictio...
CVE-2019-10904
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
CVE-2019-10868
In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the...
CVE-2019-7524
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
CVE-2019-5420
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals t...
CVE-2019-5419
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

Copyright 2019, cxsecurity.com

 

Back to Top