Vulnerability Details : CVE-2012-1151
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2012-1151
- cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.11.7:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.11.8:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.48:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.47:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.42:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.41:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.11.6:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.49:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.45:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.44:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.31:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.17.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.16.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.17.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:2.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.46:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.43:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.85:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.84:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.71:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.62:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.61:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.98:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.97:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.89:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.88:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.81:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.66:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.65:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.99:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.83:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.82:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.69:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.68:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.67:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.52:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.87:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.86:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.73:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.64:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.63:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:0.1:*:*:*:*:*:*:*
Threat overview for CVE-2012-1151
Top countries where our scanners detected CVE-2012-1151
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2012-1151: 361
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2012-1151
- 3.35%: Probability of exploitation activity in the next 30 days
- ~ 91%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1151
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-1151
- The product uses a function that accepts a format string as an argument, but the format string originates from an external source. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1151
- https://bugzilla.redhat.com/show_bug.cgi?id=801733
  801733 – (CVE-2012-1151) CVE-2012-1151 perl-DBD-Pg: Format string flaws by turning db notices into Perl warnings and by preparing DBD statement
- http://www.openwall.com/lists/oss-security/2012/03/10/4
  oss-security - Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73855
  DBD::Pg module for Perl dbd_st_prepare() format string CVE-2012-1151 Vulnerability Report
- http://www.openwall.com/lists/oss-security/2012/03/09/6
  oss-security - CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws
- http://security.gentoo.org/glsa/glsa-201204-08.xml
  Perl DBD-Pg Module: Arbitrary code execution (GLSA 201204-08) — Gentoo security
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:112
  mandriva.com
- http://www.debian.org/security/2012/dsa-2431
  Debian -- Security Information -- DSA-2431-1 libdbd-pg-perl
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
  #661536 - libdbd-pg-perl: CVE-2012-1151: Format string vulnerabilities in server error parsing - Debian Bug report logs
- https://rt.cpan.org/Public/Bug/Display.html?id=75642
  Bug #75642 for DBD-Pg: Format string security issue with a malicious server
- http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73854
  DBD::Pg module for Perl pg_warn() format string CVE-2012-1151 Vulnerability Report
- http://rhn.redhat.com/errata/RHSA-2012-1116.html
  RHSA-2012:1116 - Security Advisory - Red Hat Customer Portal