CPANSA-DBI-2014-10402: DBI vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2020-09-16T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2020-09-16T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	6.1	Severity	Medium
Original language		Language	en
Also referred to

Vulnerability Description

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

Vulnerabilities

CVE-2014-10402

Vulnerability Description

Weakness	CWE-732 : Incorrect Permission Assignment for Critical Resource

Product status

Known affected

Product

Score

DBI less than 1.643

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L	6.1	Medium
2.0	AV:L/AC:L/Au:N/C:P/I:N/A:P	3.6	Low

Fixed

DBI greater than or equal 1.644

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-DBI-2014-10402 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2020/cpansa-dbi-2014-10402.json
https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590 external
https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes external
https://metacpan.org/release/HMBRAND/DBI-1.643_01/view/Changes
CVE-2014-10402 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2014-10402

Revision history

Version	Date of the revision	Summary of the revision
1	Wed Sep 16 00:00:00 2020	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/