The one place for your designs
To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.
perl-dbi: Multiple vulnerabilities (CVE-2020-14392, CVE-2020-14393)
CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated
A flaw was found in perl-dbi before version 1.643. Macro ST() returns pointer to Perl stack. Other Perl functions which use Perl stack (e.g. eval) may reallocate Perl stack and therefore pointer returned by ST() macro is invalid which may lead to memory corruption.
References:
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
- https://security-tracker.debian.org/tracker/CVE-2020-14392
Patch:
https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
CVE-2020-14393: Buffer overflow on an overlong DBD class name
A flaw was found in perl-dbi before version 1.643. A buffer overflow on via an overlong DBD class name in dbih_setup_handle function may lead to data be written past the intended limit.
References:
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
- https://security-tracker.debian.org/tracker/CVE-2020-14393
Patch:
https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b