CVE-2019-20919: Fix a NULL profile dereference in dbi_profile() · perl5-dbi/dbi@eca7d7c

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.


@@ -2888,8 +2888,12 @@ dbi_profile(SV *h, imp_xxh_t *imp_xxh, SV *statement_sv, SV *method, NV t1, NV t

mg_get(profile); /* FETCH */

if (!profile || !SvROK(profile)) {

DBIc_set(imp_xxh, DBIcf_Profile, 0); /* disable */

if (SvOK(profile) && !PL_dirty)

warn("Profile attribute isn’t a hash ref (%s,%ld)", neatsvpv(profile,0), (long)SvTYPE(profile));

if (!PL_dirty) {

if (!profile)

warn(“Profile attribute does not exist”);

else if (SvOK(profile))

warn("Profile attribute isn’t a hash ref (%s,%ld)", neatsvpv(profile,0), (long)SvTYPE(profile));

}

return &PL_sv_undef;

}
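Review bot: the context line mg_get(profile); /* FETCH */ at the top of this hunk still runs before the !profile test, so unless it is guarded by a NULL check in the lines above the hunk, a NULL return from hv_fetch() is passed to mg_get() one statement before the new check takes effect. Please confirm that guard exists, or wrap the call in if (profile). The reordered warning path itself looks right: SvOK(profile) is now only evaluated in the else branch, after profile is known to be non-NULL, and the separate "Profile attribute does not exist" message makes the NULL case distinguishable in logs.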
