Vulnerability Details : CVE-2009-1341
Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.
Vulnerability category: Denial of service, Information leak
Products affected by CVE-2009-1341
- cpe:2.3:a:debian:libdbd-pg-perl:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.83:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.82:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.69:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.68:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.61:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.52:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.89:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.99:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.88:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.87:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.73:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.65:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.64:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.98:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.81:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.67:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.66:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.51:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.97:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.86:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.85:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.84:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.71:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.63:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.62:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:libdbd-pg-perl:1.4.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1341
- 2.10%: Probability of exploitation activity in the next 30 days
- ~89%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1341
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2009-1341
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1341
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:012 - openSUSE Security Announce - openSUSE Mailing Lists
- http://www.redhat.com/support/errata/RHSA-2009-1067.html
- http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes
  Changes - metacpan.org
- http://www.redhat.com/support/errata/RHSA-2009-0479.html
- https://launchpad.net/bugs/cve/2009-1341
  CVE-2009-1341
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680
- http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz
- http://www.debian.org/security/2009/dsa-1780
  [SECURITY] [DSA 1780-1] New libdbd-pg-perl packages fix potential code execution
- http://www.securityfocus.com/bid/34757
- http://rt.cpan.org/Public/Bug/Display.html?id=21392
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50387
  libdbd-pg-perl dequote_bytea() function denial of service CVE-2009-1341 Vulnerability Report