CVE-2019-20919

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

References

Affected packages

Debian:11 / libdbi-perl

Package

Name: libdbi-perl
Purl: pkg:deb/debian/libdbi-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.643-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libdbi-perl

Package

Name: libdbi-perl
Purl: pkg:deb/debian/libdbi-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.643-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libdbi-perl

Package

Name: libdbi-perl
Purl: pkg:deb/debian/libdbi-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.643-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/perl5-dbi/dbi

Affected ranges

Type: GIT
Repo: https://github.com/perl5-dbi/dbi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

eca7d7c8f43d96f6277e86d1000e842eb4cc67ff

Fixed

eca7d7c8f43d96f6277e86d1000e842eb4cc67ff

Affected versions

1.*

1.602

1.607

1.611_90

1.611_91

1.611_92

1.611_93

1.611_94

1.613_70

1.613_71

1.613_90

1.613_91

1.613_92

1.613_93

1.614_90

1.615

1.618

1.619

1.622

1.624

1.625

1.626

1.627

1.628

1.630

1.631

1.632

1.632_90

1.633

1.633_90

1.633_91

1.633_92

1.634

1.635

1.636

1.637

1.638

1.639

1.640

1.641

1.642

DBI-1.*

DBI-1.47

DBI-1.51

DBI-1.57

DBI-1.58