Vulnerability Details : CVE-2013-7490
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2013-7490
- cpe:2.3:a:perl:dbi:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-7490
- 0.40%: Probability of exploitation activity in the next 30 days
- ~ 58 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-7490
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2013-7490
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7490
- https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941
  Bug #86744 for DBI: Possible memory corruption when using execute callback and _many_ params (Third Party Advisory)
- https://usn.ubuntu.com/4509-1/
  USN-4509-1: Perl DBI module vulnerabilities | Ubuntu security notices | Ubuntu (Third Party Advisory)
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014
  DBI::Changes - List of significant changes to the DBI - metacpan.org (Release Notes; Third Party Advisory)
- https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766
  Fixed risk of memory corruption with many arguments to methods RT#86744 · perl5-dbi/dbi@a8b98e9 · GitHub (Patch; Third Party Advisory)