CVE-2009-1341
Vulnerability Summary
Description
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.
CVSS Metrics
- v2.0 • MEDIUM • Score: 5 • AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 6.47% • Percentile: 91%
Techniques & Countermeasures
- CWE-200 • Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- debian • libdbd-pg-perl
≤ 1.4.9 | 0.1 | 0.2 | 0.3 | 0.4 | 0.5 | 0.51 | 0.52 | 0.61 | 0.62 | 0.63 | 0.64 | 0.65 | 0.66 | 0.67 | 0.68 | 0.69 | 0.70 | 0.71 | 0.72 | 0.73 | 0.80 | 0.81 | 0.82 | 0.83 | 0.84 | 0.85 | 0.86 | 0.87 | 0.88 | 0.89 | 0.90 | 0.91 | 0.92 | 0.93 | 0.94 | 0.95 | 0.96 | 0.97 | 0.98 | 0.99 | 1.0.0 | 1.0.1 | 1.2.0 | 1.2.1 | 1.2.2 | 1.3.1 | 1.3.2 | 1.4.0 | 1.4.1 | 1.4.2 | 1.4.3 | 1.4.4 | 1.4.5 | 1.4.6 | 1.4.7 | 1.4.8
References (14)
- http://www.redhat.com/support/errata/RHSA-2009-1067.html
- http://www.securityfocus.com/bid/34757
- http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz
- https://launchpad.net/bugs/cve/2009-1341
- http://secunia.com/advisories/34909
- http://www.redhat.com/support/errata/RHSA-2009-0479.html
- http://secunia.com/advisories/35685
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680
- http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes
- http://www.debian.org/security/2009/dsa-1780
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://secunia.com/advisories/35058
- http://rt.cpan.org/Public/Bug/Display.html?id=21392
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50387