- Fix memory corruption in XS functions when Perl stack is reallocated
- Fix a potential NULL profile deref in dbi_profile()
- Fix a buffer overflow on an overlong DBD class name"
It's not clear how exploitable either of these are, though.
ping, ready to stable?
(In reply to Sam James from comment #2)
> ping, ready to stable?
The bug has been referenced in the following commit(s):
Author: Kent Fredric <firstname.lastname@example.org>
AuthorDate: 2020-09-07 09:28:02 +0000
Commit: Kent Fredric <email@example.com>
CommitDate: 2020-09-07 09:28:02 +0000
dev-perl/DBI: Cleanup old 1.637.0 re bug #732636
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Kent Fredric <firstname.lastname@example.org>
dev-perl/DBI/DBI-1.637.0.ebuild | 37 -------------------------------------
dev-perl/DBI/Manifest | 1 -
2 files changed, 38 deletions(-)
New GLSA request filed.
This issue was resolved and addressed in
GLSA 202009-07 at https://security.gentoo.org/glsa/202009-07
by GLSA coordinator Thomas Deutschmann (whissi).
(In reply to GLSAMaker/CVETool Bot from comment #17)
> This issue was resolved and addressed in
> GLSA 202009-07 at https://security.gentoo.org/glsa/202009-07
> by GLSA coordinator Thomas Deutschmann (whissi).
Just going to point out that currently none of the linked CVE entries have any data presented. NVD just says "CVE ID Not Found".
I don't even know how these IDs were discovered :(
But it just means the statement presented at https://security.gentoo.org/glsa/202009-07
> Please review the referenced CVE identifiers for details.
Is pretty much useless in this context.
That's a flaw in CVE progress. The CNA who assigned the CVE has to publish the data, which hasn't happened yet. The following information is currently awaiting publication:
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.