Vulnerability CVE-2009-1341


Published: 2009-04-30   Modified: 2012-02-13

Description:
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.

Type:

CWE-200

(Information Exposure)

Vendor: Debian
Product: Libdbd-pg-perl 
Version:
1.4.9
1.4.8
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.2
1.3.1
1.2.2
1.2.1
1.2.0
1.0.1
1.0.0
0.99
0.98
0.97
0.96
0.95
0.94
0.93
0.92
0.91
0.90
0.89
0.88
0.87
0.86
0.85
0.84
0.83
0.82
0.81
0.80
0.73
0.72
0.71
0.70
0.69
0.68
0.67
0.66
0.65
0.64
0.63
0.62
0.61
0.52
0.51
0.5
0.4
0.3
0.2
0.1

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
https://launchpad.net/bugs/cve/2009-1341
http://xforce.iss.net/xforce/xfdb/50387
http://www.securityfocus.com/bid/34757
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://www.redhat.com/support/errata/RHSA-2009-0479.html
http://www.debian.org/security/2009/dsa-1780
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz
http://secunia.com/advisories/35685
http://secunia.com/advisories/35058
http://secunia.com/advisories/34909
http://rt.cpan.org/Public/Bug/Display.html?id=21392
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9680
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes

Related CVE
CVE-2019-15846
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
CVE-2019-15892
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a...
CVE-2019-10197
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared ...
CVE-2015-9383
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.
CVE-2015-9382
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.
CVE-2015-9381
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
CVE-2019-14970
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
CVE-2019-14778
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

Copyright 2019, cxsecurity.com

 

Back to Top